CVE-2026-46254 (GCVE-0-2026-46254)

Vulnerability from cvelistv5 – Published: 2026-06-03 15:49 – Updated: 2026-06-03 15:49
VLAI
Title
AppArmor: Allow apparmor to handle unaligned dfa tables
Summary
In the Linux kernel, the following vulnerability has been resolved: AppArmor: Allow apparmor to handle unaligned dfa tables The dfa tables can originate from kernel or userspace and 8-byte alignment isn't always guaranteed and as such may trigger unaligned memory accesses on various architectures. Resulting in the following [   73.901376] WARNING: CPU: 0 PID: 341 at security/apparmor/match.c:316 aa_dfa_unpack+0x6cc/0x720 [   74.015867] Modules linked in: binfmt_misc evdev flash sg drm drm_panel_orientation_quirks backlight i2c_core configfs nfnetlink autofs4 ext4 crc16 mbcache jbd2 hid_generic usbhid sr_mod hid cdrom sd_mod ata_generic ohci_pci ehci_pci ehci_hcd ohci_hcd pata_ali libata sym53c8xx scsi_transport_spi tg3 scsi_mod usbcore libphy scsi_common mdio_bus usb_common [   74.428977] CPU: 0 UID: 0 PID: 341 Comm: apparmor_parser Not tainted 6.18.0-rc6+ #9 NONE [   74.536543] Call Trace: [   74.568561] [<0000000000434c24>] dump_stack+0x8/0x18 [   74.633757] [<0000000000476438>] __warn+0xd8/0x100 [   74.696664] [<00000000004296d4>] warn_slowpath_fmt+0x34/0x74 [   74.771006] [<00000000008db28c>] aa_dfa_unpack+0x6cc/0x720 [   74.843062] [<00000000008e643c>] unpack_pdb+0xbc/0x7e0 [   74.910545] [<00000000008e7740>] unpack_profile+0xbe0/0x1300 [   74.984888] [<00000000008e82e0>] aa_unpack+0xe0/0x6a0 [   75.051226] [<00000000008e3ec4>] aa_replace_profiles+0x64/0x1160 [   75.130144] [<00000000008d4d90>] policy_update+0xf0/0x280 [   75.201057] [<00000000008d4fc8>] profile_replace+0xa8/0x100 [   75.274258] [<0000000000766bd0>] vfs_write+0x90/0x420 [   75.340594] [<00000000007670cc>] ksys_write+0x4c/0xe0 [   75.406932] [<0000000000767174>] sys_write+0x14/0x40 [   75.472126] [<0000000000406174>] linux_sparc_syscall+0x34/0x44 [   75.548802] ---[ end trace 0000000000000000 ]--- [   75.609503] dfa blob stream 0xfff0000008926b96 not aligned. [   75.682695] Kernel unaligned access at TPC[8db2a8] aa_dfa_unpack+0x6e8/0x720 Work around it by using the get_unaligned_xx() helpers.
Severity
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: e6e8bf418850d7958311a96ccfb594f2bcc8313e , < ec737e7fdf2f0ba7b203d4ec72cc915978b10e7e (git)
Affected: e6e8bf418850d7958311a96ccfb594f2bcc8313e , < 23f112bd6144e815153462e12d313ac3e7027168 (git)
Affected: e6e8bf418850d7958311a96ccfb594f2bcc8313e , < cded636008bde2b397a7cf63b8299d7c303aaf6a (git)
Affected: e6e8bf418850d7958311a96ccfb594f2bcc8313e , < 64802f731214a51dfe3c6c27636b3ddafd003eb0 (git)
Create a notification for this product.
Linux Linux Affected: 4.11
Unaffected: 0 , < 4.11 (semver)
Unaffected: 6.12.75 , ≤ 6.12.* (semver)
Unaffected: 6.18.14 , ≤ 6.18.* (semver)
Unaffected: 6.19.4 , ≤ 6.19.* (semver)
Unaffected: 7.0 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "security/apparmor/match.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ec737e7fdf2f0ba7b203d4ec72cc915978b10e7e",
              "status": "affected",
              "version": "e6e8bf418850d7958311a96ccfb594f2bcc8313e",
              "versionType": "git"
            },
            {
              "lessThan": "23f112bd6144e815153462e12d313ac3e7027168",
              "status": "affected",
              "version": "e6e8bf418850d7958311a96ccfb594f2bcc8313e",
              "versionType": "git"
            },
            {
              "lessThan": "cded636008bde2b397a7cf63b8299d7c303aaf6a",
              "status": "affected",
              "version": "e6e8bf418850d7958311a96ccfb594f2bcc8313e",
              "versionType": "git"
            },
            {
              "lessThan": "64802f731214a51dfe3c6c27636b3ddafd003eb0",
              "status": "affected",
              "version": "e6e8bf418850d7958311a96ccfb594f2bcc8313e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "security/apparmor/match.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.11"
            },
            {
              "lessThan": "4.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.75",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.75",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.14",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.4",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nAppArmor: Allow apparmor to handle unaligned dfa tables\n\nThe dfa tables can originate from kernel or userspace and 8-byte alignment\nisn\u0027t always guaranteed and as such may trigger unaligned memory accesses\non various architectures. Resulting in the following\n\n[\u00a0\u00a0 73.901376] WARNING: CPU: 0 PID: 341 at security/apparmor/match.c:316 aa_dfa_unpack+0x6cc/0x720\n[\u00a0\u00a0 74.015867] Modules linked in: binfmt_misc evdev flash sg drm drm_panel_orientation_quirks backlight i2c_core configfs nfnetlink autofs4 ext4 crc16 mbcache jbd2 hid_generic usbhid sr_mod hid cdrom\nsd_mod ata_generic ohci_pci ehci_pci ehci_hcd ohci_hcd pata_ali libata sym53c8xx scsi_transport_spi tg3 scsi_mod usbcore libphy scsi_common mdio_bus usb_common\n[\u00a0\u00a0 74.428977] CPU: 0 UID: 0 PID: 341 Comm: apparmor_parser Not tainted 6.18.0-rc6+ #9 NONE\n[\u00a0\u00a0 74.536543] Call Trace:\n[\u00a0\u00a0 74.568561] [\u003c0000000000434c24\u003e] dump_stack+0x8/0x18\n[\u00a0\u00a0 74.633757] [\u003c0000000000476438\u003e] __warn+0xd8/0x100\n[\u00a0\u00a0 74.696664] [\u003c00000000004296d4\u003e] warn_slowpath_fmt+0x34/0x74\n[\u00a0\u00a0 74.771006] [\u003c00000000008db28c\u003e] aa_dfa_unpack+0x6cc/0x720\n[\u00a0\u00a0 74.843062] [\u003c00000000008e643c\u003e] unpack_pdb+0xbc/0x7e0\n[\u00a0\u00a0 74.910545] [\u003c00000000008e7740\u003e] unpack_profile+0xbe0/0x1300\n[\u00a0\u00a0 74.984888] [\u003c00000000008e82e0\u003e] aa_unpack+0xe0/0x6a0\n[\u00a0\u00a0 75.051226] [\u003c00000000008e3ec4\u003e] aa_replace_profiles+0x64/0x1160\n[\u00a0\u00a0 75.130144] [\u003c00000000008d4d90\u003e] policy_update+0xf0/0x280\n[\u00a0\u00a0 75.201057] [\u003c00000000008d4fc8\u003e] profile_replace+0xa8/0x100\n[\u00a0\u00a0 75.274258] [\u003c0000000000766bd0\u003e] vfs_write+0x90/0x420\n[\u00a0\u00a0 75.340594] [\u003c00000000007670cc\u003e] ksys_write+0x4c/0xe0\n[\u00a0\u00a0 75.406932] [\u003c0000000000767174\u003e] sys_write+0x14/0x40\n[\u00a0\u00a0 75.472126] [\u003c0000000000406174\u003e] linux_sparc_syscall+0x34/0x44\n[\u00a0\u00a0 75.548802] ---[ end trace 0000000000000000 ]---\n[\u00a0\u00a0 75.609503] dfa blob stream 0xfff0000008926b96 not aligned.\n[\u00a0\u00a0 75.682695] Kernel unaligned access at TPC[8db2a8] aa_dfa_unpack+0x6e8/0x720\n\nWork around it by using the get_unaligned_xx() helpers."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-03T15:49:50.994Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ec737e7fdf2f0ba7b203d4ec72cc915978b10e7e"
        },
        {
          "url": "https://git.kernel.org/stable/c/23f112bd6144e815153462e12d313ac3e7027168"
        },
        {
          "url": "https://git.kernel.org/stable/c/cded636008bde2b397a7cf63b8299d7c303aaf6a"
        },
        {
          "url": "https://git.kernel.org/stable/c/64802f731214a51dfe3c6c27636b3ddafd003eb0"
        }
      ],
      "title": "AppArmor: Allow apparmor to handle unaligned dfa tables",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-46254",
    "datePublished": "2026-06-03T15:49:50.994Z",
    "dateReserved": "2026-05-13T15:03:33.107Z",
    "dateUpdated": "2026-06-03T15:49:50.994Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-46254\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2026-06-03T18:16:26.323\",\"lastModified\":\"2026-06-03T18:16:26.323\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nAppArmor: Allow apparmor to handle unaligned dfa tables\\n\\nThe dfa tables can originate from kernel or userspace and 8-byte alignment\\nisn\u0027t always guaranteed and as such may trigger unaligned memory accesses\\non various architectures. Resulting in the following\\n\\n[\u00a0\u00a0 73.901376] WARNING: CPU: 0 PID: 341 at security/apparmor/match.c:316 aa_dfa_unpack+0x6cc/0x720\\n[\u00a0\u00a0 74.015867] Modules linked in: binfmt_misc evdev flash sg drm drm_panel_orientation_quirks backlight i2c_core configfs nfnetlink autofs4 ext4 crc16 mbcache jbd2 hid_generic usbhid sr_mod hid cdrom\\nsd_mod ata_generic ohci_pci ehci_pci ehci_hcd ohci_hcd pata_ali libata sym53c8xx scsi_transport_spi tg3 scsi_mod usbcore libphy scsi_common mdio_bus usb_common\\n[\u00a0\u00a0 74.428977] CPU: 0 UID: 0 PID: 341 Comm: apparmor_parser Not tainted 6.18.0-rc6+ #9 NONE\\n[\u00a0\u00a0 74.536543] Call Trace:\\n[\u00a0\u00a0 74.568561] [\u003c0000000000434c24\u003e] dump_stack+0x8/0x18\\n[\u00a0\u00a0 74.633757] [\u003c0000000000476438\u003e] __warn+0xd8/0x100\\n[\u00a0\u00a0 74.696664] [\u003c00000000004296d4\u003e] warn_slowpath_fmt+0x34/0x74\\n[\u00a0\u00a0 74.771006] [\u003c00000000008db28c\u003e] aa_dfa_unpack+0x6cc/0x720\\n[\u00a0\u00a0 74.843062] [\u003c00000000008e643c\u003e] unpack_pdb+0xbc/0x7e0\\n[\u00a0\u00a0 74.910545] [\u003c00000000008e7740\u003e] unpack_profile+0xbe0/0x1300\\n[\u00a0\u00a0 74.984888] [\u003c00000000008e82e0\u003e] aa_unpack+0xe0/0x6a0\\n[\u00a0\u00a0 75.051226] [\u003c00000000008e3ec4\u003e] aa_replace_profiles+0x64/0x1160\\n[\u00a0\u00a0 75.130144] [\u003c00000000008d4d90\u003e] policy_update+0xf0/0x280\\n[\u00a0\u00a0 75.201057] [\u003c00000000008d4fc8\u003e] profile_replace+0xa8/0x100\\n[\u00a0\u00a0 75.274258] [\u003c0000000000766bd0\u003e] vfs_write+0x90/0x420\\n[\u00a0\u00a0 75.340594] [\u003c00000000007670cc\u003e] ksys_write+0x4c/0xe0\\n[\u00a0\u00a0 75.406932] [\u003c0000000000767174\u003e] sys_write+0x14/0x40\\n[\u00a0\u00a0 75.472126] [\u003c0000000000406174\u003e] linux_sparc_syscall+0x34/0x44\\n[\u00a0\u00a0 75.548802] ---[ end trace 0000000000000000 ]---\\n[\u00a0\u00a0 75.609503] dfa blob stream 0xfff0000008926b96 not aligned.\\n[\u00a0\u00a0 75.682695] Kernel unaligned access at TPC[8db2a8] aa_dfa_unpack+0x6e8/0x720\\n\\nWork around it by using the get_unaligned_xx() helpers.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/23f112bd6144e815153462e12d313ac3e7027168\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/64802f731214a51dfe3c6c27636b3ddafd003eb0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/cded636008bde2b397a7cf63b8299d7c303aaf6a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/ec737e7fdf2f0ba7b203d4ec72cc915978b10e7e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.