CVE-2026-23409

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> apparmor: fix differential encoding verification<br /> <br /> Differential encoding allows loops to be created if it is abused. To<br /> prevent this the unpack should verify that a diff-encode chain<br /> terminates.<br /> <br /> Unfortunately the differential encode verification had two bugs.<br /> <br /> 1. it conflated states that had gone through check and already been<br /> marked, with states that were currently being checked and marked.<br /> This means that loops in the current chain being verified are treated<br /> as a chain that has already been verified.<br /> <br /> 2. the order bailout on already checked states compared current chain<br /> check iterators j,k instead of using the outer loop iterator i.<br /> Meaning a step backwards in states in the current chain verification<br /> was being mistaken for moving to an already verified state.<br /> <br /> Move to a double mark scheme where already verified states get a<br /> different mark, than the current chain being kept. This enables us<br /> to also drop the backwards verification check that was the cause of<br /> the second error as any already verified state is already marked.