CVE-2026-45965

Severity CVSS v4.0:
Pending analysis
Type:
CWE-476 NULL Pointer Dereference
Publication date:
27/05/2026
Last modified:
16/06/2026

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> apparmor: fix invalid deref of rawdata when export_binary is unset<br /> <br /> If the export_binary parameter is disabled on runtime, profiles that<br /> were loaded before that will still have their rawdata stored in<br /> apparmorfs, with a symbolic link to the rawdata on the policy<br /> directory. When one of those profiles are replaced, the rawdata is set<br /> to NULL, but when trying to resolve the symbolic links to rawdata for<br /> that profile, it will try to dereference profile-&gt;rawdata-&gt;name when<br /> profile-&gt;rawdata is now NULL causing an oops. Fix it by checking if<br /> rawdata is set.<br /> <br /> [ 168.653080] BUG: kernel NULL pointer dereference, address: 0000000000000088<br /> [ 168.657420] #PF: supervisor read access in kernel mode<br /> [ 168.660619] #PF: error_code(0x0000) - not-present page<br /> [ 168.663613] PGD 0 P4D 0<br /> [ 168.665450] Oops: Oops: 0000 [#1] SMP NOPTI<br /> [ 168.667836] CPU: 1 UID: 0 PID: 1729 Comm: ls Not tainted 6.19.0-rc7+ #3 PREEMPT(voluntary)<br /> [ 168.672308] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014<br /> [ 168.679327] RIP: 0010:rawdata_get_link_base.isra.0+0x23/0x330<br /> [ 168.682768] Code: 90 90 90 90 90 90 90 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 ec 18 48 89 55 d0 48 85 ff 0f 84 e3 01 00 00 83 3c 25 88 00 00 00 00 0f 84 d4 01 00 00 49 89 f6 49 89 cc e8<br /> [ 168.689818] RSP: 0018:ffffcdcb8200fb80 EFLAGS: 00010282<br /> [ 168.690871] RAX: ffffffffaee74ec0 RBX: 0000000000000000 RCX: ffffffffb0120158<br /> [ 168.692251] RDX: ffffcdcb8200fbe0 RSI: ffff88c187c9fa80 RDI: ffff88c186c98a80<br /> [ 168.693593] RBP: ffffcdcb8200fbc0 R08: 0000000000000000 R09: 0000000000000000<br /> [ 168.694941] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88c186c98a80<br /> [ 168.696289] R13: 00007fff005aaa20 R14: 0000000000000080 R15: ffff88c188f4fce0<br /> [ 168.697637] FS: 0000790e81c58280(0000) GS:ffff88c20a957000(0000) knlGS:0000000000000000<br /> [ 168.699227] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> [ 168.700349] CR2: 0000000000000088 CR3: 000000012fd3e000 CR4: 0000000000350ef0<br /> [ 168.701696] Call Trace:<br /> [ 168.702325] <br /> [ 168.702995] rawdata_get_link_data+0x1c/0x30<br /> [ 168.704145] vfs_readlink+0xd4/0x160<br /> [ 168.705152] do_readlinkat+0x114/0x180<br /> [ 168.706214] __x64_sys_readlink+0x1e/0x30<br /> [ 168.708653] x64_sys_call+0x1d77/0x26b0<br /> [ 168.709525] do_syscall_64+0x81/0x500<br /> [ 168.710348] ? do_statx+0x72/0xb0<br /> [ 168.711109] ? putname+0x3e/0x80<br /> [ 168.711845] ? __x64_sys_statx+0xb7/0x100<br /> [ 168.712711] ? x64_sys_call+0x10fc/0x26b0<br /> [ 168.713577] ? do_syscall_64+0xbf/0x500<br /> [ 168.714412] ? do_user_addr_fault+0x1d2/0x8d0<br /> [ 168.715404] ? irqentry_exit+0xb2/0x740<br /> [ 168.716359] ? exc_page_fault+0x90/0x1b0<br /> [ 168.717307] entry_SYSCALL_64_after_hwframe+0x76/0x7e

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.17 (including) 5.10.252 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11 (including) 5.15.202 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 6.1.165 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.2 (including) 6.6.128 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.12.75 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.13 (including) 6.18.14 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.19 (including) 6.19.4 (excluding)