CVE-2026-23403

The function sets *ns = NULL on every call, leaking the namespace string allocated in previous iterations when multiple profiles are unpacked. This also breaks namespace consistency checking since *ns is always NULL when the comparison is made.

Remove the incorrect assignment. The caller (aa_unpack) initializes *ns to NULL once before the loop, which is sufficient.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23403.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

dd51c84857630e77c139afe4d9bba65fc051dc3f

Fixed

663ce34786e759ebcbeb3060685c20bcc886d51a

Fixed

786e2c2a87d9c505f33321d1fd23a176aa8ddeb1

Fixed

4f0889f2df1ab99224a5e1ac4e20437eea5fe38e

Fixed

42fd831abfc15d0643c14688f0522556b347e7e6

Fixed

e38c55d9f834e5b848bfed0f5c586aaf45acb825

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23403.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.12.0

Fixed

6.6.130

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.12.77

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.18.18

Type: ECOSYSTEM
Events: Introduced

6.19.0

Fixed

6.19.8

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23403.json"