Linux Kernel AppArmor Iterative Profile Removal Vulnerability Causes Stack Exhaustion

Vulnerability

A vulnerability in the Linux kernel's AppArmor policy handling can lead to kernel stack exhaustion and system crashes. The issue arises from the profile removal process, which uses recursion to delete nested profiles, so the kernel stack consumed during removal grows with the depth of profile nesting.

Impact

The recursive profile removal can exhaust the kernel stack, leading to a system crash.

Reproduction

The vulnerability can be reproduced by creating a large number of nested AppArmor profiles. This can be done by using a loop to add profiles recursively, which will eventually exhaust the kernel stack. After adding the profiles, the top-level profile can be removed, triggering the stack exhaustion.

Remediation

The vulnerability has been addressed by replacing the recursive profile removal approach with an iterative one. Users should update to the latest version of the Linux kernel where this fix has been applied.
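The difference the fix makes can be seen in a small user-space model of nested profile teardown. This is an added example, not the kernel's AppArmor code or the actual patch; the struct layout and the function names `profile_add` and `profile_remove_iterative` are hypothetical, and the deeply nested input in `main` is constructed.

```c
/* Simplified user-space model; names are hypothetical, not AppArmor's. */
#include <stdio.h>
#include <stdlib.h>
struct profile {
    struct profile *parent;
    struct profile *child;   /* first nested profile */
    struct profile *sibling; /* next profile under the same parent */
};

/* Allocate a profile and link it as the first child of parent, if any. */
static struct profile *profile_add(struct profile *parent)
{
    struct profile *p = calloc(1, sizeof(*p));
    if (p && parent) {
        p->parent = parent;
        p->sibling = parent->child;
        parent->child = p;
    }
    return p;
}

/* Free root and everything nested below it without recursion: descend to a
 * leaf, unlink and free it, resume at its parent. Stack use is constant at
 * any depth. root must be detached from its own parent. Returns the count. */
static size_t profile_remove_iterative(struct profile *root)
{
    size_t freed = 0;
    struct profile *cur = root;
    while (cur) {
        while (cur->child)              /* descend to a leaf */
            cur = cur->child;
        struct profile *up = (cur == root) ? NULL : cur->parent;
        if (up)
            up->child = cur->sibling;   /* cur is always up's first child */
        free(cur);
        freed++;
        cur = up;
    }
    return freed;
}

int main(void)
{
    /* Constructed input: 100000 nested levels, each with one extra leaf. */
    struct profile *root = profile_add(NULL), *cur = root;
    for (size_t i = 0; cur && i < 100000; i++) {
        profile_add(cur);
        cur = profile_add(cur);
    }
    printf("freed %zu profiles\n", profile_remove_iterative(root));
}
```

A recursive version of the same teardown would need one stack frame per nesting level, which is what a fixed-size kernel stack cannot absorb.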

Added: Apr 1, 2026, 9:27 AM
Updated: Apr 1, 2026, 9:27 AM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 5.1
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.