CVE-2026-23405

/* * Conceptual PoC for CVE-2026-23405 * This code demonstrates the logic of creating nested namespaces * to exhaust system resources. Actual implementation requires * specific AppArmor namespace creation interfaces. */ #include <stdio.h> #include <stdlib.h> #include <unistd.h> // Simulating the creation of a nested namespace. // In a real exploit, this would involve AppArmor specific syscalls or file operations. void create_nested_namespace(int depth) { if (depth <= 0) return; // Placeholder for AppArmor namespace creation logic // e.g., unshare(CLONE_NEWNS) or writing to apparmorfs printf("Creating namespace at depth: %d\n", depth); // Recursion to create nesting create_nested_namespace(depth - 1); } int main() { printf("Starting PoC for CVE-2026-23405...\n"); // Attempt to create a very deep nesting structure // to trigger resource exhaustion while(1) { create_nested_namespace(10000); } return 0; }

{"cve": {"id": "CVE-2026-23405", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2026-04-01T09:16:16.153", "lastModified": "2026-04-24T18:40:27.023", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: fix: limit the number of levels of policy namespaces\n\nCurrently the number of policy namespaces is not bounded relying on\nthe user namespace limit. However policy namespaces aren't strictly\ntied to user namespaces and it is possible to create them and nest\nthem arbitrarily deep which can be used to exhaust system resource.\n\nHard cap policy namespaces to the same depth as user namespaces."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.36.1", "versionEndExcluding": "5.10.253", "matchCriteriaId": "A0CBC198-582C-40A0-A6C1-C5B39993F590"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.11", "versionEndExcluding": "5.15.203", "matchCriteriaId": "20DDB3E9-AABF-4107-ADB0-5362AA067045"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.1.169", "matchCriteriaId": "DBEC0E5D-641C-4E98-A6D9-5799B10CE451"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.2", "versionEndExcluding": "6.6.130", "matchCriteriaId": "C57BB918-DF28-46B3-94F7-144176841267"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.7", "versionEndExcluding": "6.12.77", "matchCriteriaId": "B3D12E00-E42D-4056-B354-BAD4903C03A5"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.13", "versionEndExcluding": "6.18.18", "matchCriteriaId": "346AD1FB-0CE8-4D9D-8E56-5EB1A4D06199"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.19", "versionEndExcluding": "6.19.8", "matchCriteriaId": "C65A7D85-C7C6-485E-AC35-66A374C73FAC"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.36:-:*:*:*:*:*:*", "matchCriteriaId": "D4407EF9-4ECF-408F-9ECB-0705E3FB65D5"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F253B622-8837-4245-BCE5-A7BF8FC76A16"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "F666C8D8-6538-46D4-B318-87610DE64C34"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "02259FDA-961B-47BC-AE7F-93D7EC6E90C2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "1D2315C0-D46F-4F85-9754-F9E5E11374A6"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "512EE3A8-A590-4501-9A94-5D4B268D6138"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/306039414932c80f8420695a24d4fe10c84ccfb2", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/3f8699b3ee0c04b4b9bc27b82cd89a40e81e1d2e", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/6b396cc2f0365e684fc1d3547d18ef79fcee225d", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/7b6495ead2c611647f6b11441a852324e3eb8616", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/853ce31ca72097d23991a06876a2ccb5cb64b603", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/87d0cecc900e55d55fc4dbfb43ac93e269c7a5b3", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url ... (truncated)