Linux Kernel AppArmor Policy Namespace Depth Limitation Vulnerability

Vulnerability

A vulnerability in the Linux kernel's AppArmor implementation allows policy namespaces to be nested arbitrarily deep. Each nested namespace consumes kernel memory and management state, so unbounded nesting can exhaust system resources. The issue arises because AppArmor policy namespaces are not strictly tied to user namespaces: user namespace nesting is capped by the kernel (a parent deeper than 32 levels cannot spawn a child), but policy namespaces had no cap of their own, so that limit never constrained them. The vulnerability affects the Linux kernel, including the stable branch; this page does not enumerate affected versions.

Impact

A process able to manage AppArmor policy can create deeply nested policy namespaces, exhausting system resources and causing a denial of service. The page does not describe any impact beyond resource exhaustion (no privilege escalation or policy bypass).

Reproduction

The vulnerability is reproduced by creating policy namespaces inside one another, each child nested below the previous one. Because no depth cap was enforced, this nesting continues arbitrarily deep and is not stopped by the depth limit that applies to user namespaces, so resources can be consumed until the system is exhausted. Creating a policy namespace requires AppArmor policy-management privilege, so the practical exposure depends on who holds it: on kernels that allow user namespaces to manage policy (see the kernel.unprivileged_userns_apparmor_policy sysctl), that can include unprivileged users.

Remediation

The vulnerability has been addressed by introducing a hard cap on the depth of policy namespaces, limiting them to the same maximum depth as user namespaces. Update to a kernel that includes the fix; where updating is delayed, restricting who may manage AppArmor policy (including whether unprivileged user namespaces may do so) limits who can trigger the nesting.
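The following is an added user-space model of the fix described above; it is not kernel code and not the AppArmor project's own patch. The struct, function names and the MAX_NS_LEVEL constant are assumptions for illustration. The model mirrors the user namespace rule the page refers to (the kernel refuses a child once the parent is already deeper than 32 levels, returning -EUSERS), and contrasts the unbounded "before" behaviour with the capped "after" behaviour:

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical model of a nested policy namespace (the real kernel type is
 * struct aa_ns, with a much richer layout). Only the nesting level matters
 * for this example. */
struct ns_model {
    struct ns_model *parent;
    int level;              /* 0 for the root namespace, +1 per nesting level */
};

/* Assumed cap: the page says the fix uses the same maximum depth as user
 * namespaces. In kernel/user_namespace.c a child is refused once the parent's
 * level is greater than 32, so the deepest reachable level is 33. */
#define MAX_NS_LEVEL 32

/* Vulnerable behaviour: any parent may spawn a child, whatever its depth,
 * so nesting is bounded only by available memory. */
static struct ns_model *ns_create_unbounded(struct ns_model *parent)
{
    struct ns_model *ns = calloc(1, sizeof(*ns));
    if (!ns)
        return NULL;
    ns->parent = parent;
    ns->level = parent ? parent->level + 1 : 0;
    return ns;
}

/* Fixed behaviour: refuse once the parent already sits beyond the cap.
 * The -EUSERS error code is assumed here (it is what user namespaces use). */
static struct ns_model *ns_create_capped(struct ns_model *parent, int *err)
{
    if (parent && parent->level > MAX_NS_LEVEL) {
        *err = -EUSERS;
        return NULL;
    }
    *err = 0;
    return ns_create_unbounded(parent);
}

/* Free a chain from the deepest namespace up to and including the root. */
static void ns_free_chain(struct ns_model *leaf)
{
    while (leaf) {
        struct ns_model *parent = leaf->parent;
        free(leaf);
        leaf = parent;
    }
}

/* Try to nest `attempts` namespaces below a fresh root, using either the
 * unbounded or the capped creation path, and return the deepest level
 * reached (the root is level 0). */
int deepest_level(int attempts, bool capped)
{
    struct ns_model *root = ns_create_unbounded(NULL);
    struct ns_model *cur = root;
    int err = 0;

    for (int i = 0; i < attempts; i++) {
        struct ns_model *child = capped ? ns_create_capped(cur, &err)
                                        : ns_create_unbounded(cur);
        if (!child)
            break;          /* capped path refused (err == -EUSERS) */
        cur = child;
    }

    int reached = cur->level;
    ns_free_chain(cur);     /* cur is the leaf; frees the whole chain */
    return reached;
}

int main(void)
{
    printf("unbounded, 1000 attempts: level %d\n", deepest_level(1000, false));
    printf("capped,    1000 attempts: level %d\n", deepest_level(1000, true));
    return 0;
}
```

With the cap in place the capped run stops at level 33 regardless of how many attempts are made, while the unbounded run keeps allocating one namespace per attempt; that difference in growth is the whole of the fix.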

Added: Apr 1, 2026, 9:27 AM
Updated: Apr 1, 2026, 9:27 AM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 5.1
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.