CVE-2026-45884

UNKNOWN 0.0

apparmor: avoid per-cpu hold underflow in aa_get_buffer

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: apparmor: avoid per-cpu hold underflow in aa_get_buffer When aa_get_buffer() pulls from the per-cpu list it unconditionally decrements cache->hold. If hold reaches 0 while count is still non-zero, the unsigned decrement wraps to UINT_MAX. This keeps hold non-zero for a very long time, so aa_put_buffer() never returns buffers to the global list, which can starve other CPUs and force repeated kmalloc(aa_g_path_max) allocations. Guard the decrement so hold never underflows.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	May 27, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new unknown vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

ea9bae12d02819556db63348db8bd8441eb316f2 < 202824a1f89a9786c20a3d646a7c88d223abb1b2 ea9bae12d02819556db63348db8bd8441eb316f2 < 80c334acc6d0bee8605a358a33e69b4aea1ffb92 ea9bae12d02819556db63348db8bd8441eb316f2 < 4bcddd0f6b2e52b4c7b520e4d36a115caf5b7169 ea9bae12d02819556db63348db8bd8441eb316f2 < 640cf2f09575c9dc344b3f7be2498d31e3923ead

Linux / Linux

6.7

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.kernel.org: https://git.kernel.org/stable/c/202824a1f89a9786c20a3d646a7c88d223abb1b2 git.kernel.org: https://git.kernel.org/stable/c/80c334acc6d0bee8605a358a33e69b4aea1ffb92 git.kernel.org: https://git.kernel.org/stable/c/4bcddd0f6b2e52b4c7b520e4d36a115caf5b7169 git.kernel.org: https://git.kernel.org/stable/c/640cf2f09575c9dc344b3f7be2498d31e3923ead