CVE-2026-45965
Severity CVSS v4.0:
Pending analysis
Type:
CWE-476
NULL Pointer Dereference
Publication date:
27/05/2026
Last modified:
16/06/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
apparmor: fix invalid deref of rawdata when export_binary is unset<br />
<br />
If the export_binary parameter is disabled on runtime, profiles that<br />
were loaded before that will still have their rawdata stored in<br />
apparmorfs, with a symbolic link to the rawdata on the policy<br />
directory. When one of those profiles are replaced, the rawdata is set<br />
to NULL, but when trying to resolve the symbolic links to rawdata for<br />
that profile, it will try to dereference profile->rawdata->name when<br />
profile->rawdata is now NULL causing an oops. Fix it by checking if<br />
rawdata is set.<br />
<br />
[ 168.653080] BUG: kernel NULL pointer dereference, address: 0000000000000088<br />
[ 168.657420] #PF: supervisor read access in kernel mode<br />
[ 168.660619] #PF: error_code(0x0000) - not-present page<br />
[ 168.663613] PGD 0 P4D 0<br />
[ 168.665450] Oops: Oops: 0000 [#1] SMP NOPTI<br />
[ 168.667836] CPU: 1 UID: 0 PID: 1729 Comm: ls Not tainted 6.19.0-rc7+ #3 PREEMPT(voluntary)<br />
[ 168.672308] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014<br />
[ 168.679327] RIP: 0010:rawdata_get_link_base.isra.0+0x23/0x330<br />
[ 168.682768] Code: 90 90 90 90 90 90 90 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 ec 18 48 89 55 d0 48 85 ff 0f 84 e3 01 00 00 83 3c 25 88 00 00 00 00 0f 84 d4 01 00 00 49 89 f6 49 89 cc e8<br />
[ 168.689818] RSP: 0018:ffffcdcb8200fb80 EFLAGS: 00010282<br />
[ 168.690871] RAX: ffffffffaee74ec0 RBX: 0000000000000000 RCX: ffffffffb0120158<br />
[ 168.692251] RDX: ffffcdcb8200fbe0 RSI: ffff88c187c9fa80 RDI: ffff88c186c98a80<br />
[ 168.693593] RBP: ffffcdcb8200fbc0 R08: 0000000000000000 R09: 0000000000000000<br />
[ 168.694941] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88c186c98a80<br />
[ 168.696289] R13: 00007fff005aaa20 R14: 0000000000000080 R15: ffff88c188f4fce0<br />
[ 168.697637] FS: 0000790e81c58280(0000) GS:ffff88c20a957000(0000) knlGS:0000000000000000<br />
[ 168.699227] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br />
[ 168.700349] CR2: 0000000000000088 CR3: 000000012fd3e000 CR4: 0000000000350ef0<br />
[ 168.701696] Call Trace:<br />
[ 168.702325] <br />
[ 168.702995] rawdata_get_link_data+0x1c/0x30<br />
[ 168.704145] vfs_readlink+0xd4/0x160<br />
[ 168.705152] do_readlinkat+0x114/0x180<br />
[ 168.706214] __x64_sys_readlink+0x1e/0x30<br />
[ 168.708653] x64_sys_call+0x1d77/0x26b0<br />
[ 168.709525] do_syscall_64+0x81/0x500<br />
[ 168.710348] ? do_statx+0x72/0xb0<br />
[ 168.711109] ? putname+0x3e/0x80<br />
[ 168.711845] ? __x64_sys_statx+0xb7/0x100<br />
[ 168.712711] ? x64_sys_call+0x10fc/0x26b0<br />
[ 168.713577] ? do_syscall_64+0xbf/0x500<br />
[ 168.714412] ? do_user_addr_fault+0x1d2/0x8d0<br />
[ 168.715404] ? irqentry_exit+0xb2/0x740<br />
[ 168.716359] ? exc_page_fault+0x90/0x1b0<br />
[ 168.717307] entry_SYSCALL_64_after_hwframe+0x76/0x7e
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.17 (including) | 5.10.252 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.202 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.165 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.128 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.75 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.18.14 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.19 (including) | 6.19.4 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/1432ab0774cba43e8111be39989ff226531a9bac
- https://git.kernel.org/stable/c/19f2e4055626a58842ddec3282ad4465a80c6625
- https://git.kernel.org/stable/c/1d2b2b58fde9059a488bc25399e6c3d74e9b5548
- https://git.kernel.org/stable/c/3c36b87fc2a4cf88eadea8cf13923bd2b4f9a3fa
- https://git.kernel.org/stable/c/6d8c180c825cbc73eeffaa79591f8e142dacae70
- https://git.kernel.org/stable/c/b25298e89a297c42eb4c4d6f081d60375b820abb
- https://git.kernel.org/stable/c/df9ac55abd18628bd8cff687ea043660532a3654
- https://git.kernel.org/stable/c/e6b2fc7e34d4e7ca6b8598c33a3d45d59e455d8d



