CVE-2026-45848

Source
https://cve.org/CVERecord?id=CVE-2026-45848
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-45848.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-45848
Downstream
Published
2026-05-27T12:15:12.310Z
Modified
2026-06-27T11:55:23.042032841Z
Summary
apparmor: fix NULL sock in aa_sock_file_perm
Details

In the Linux kernel, the following vulnerability has been resolved:

apparmor: fix NULL sock in aasockfile_perm

Deal with the potential that sock and sock-sk can be NULL during socket setup or teardown. This could lead to an oops. The fix for NULL pointer dereference in _unixneedsrevalidation shows this is at least possible for afunix sockets. While the fix for afunix sockets applies for newer mediation this is still the fall back path for older afunix mediation and other sockets, so ensure it is covered.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45848.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
56974a6fcfef69ee0825bd66ed13e92070ac5224
Fixed
68538ec34fcb4194c7961dc4eca6f5537fec8067
Fixed
5121b7283f1c46e4c06b88b1dda7b064429d77de
Fixed
c11b7c3280d000376e27ebfed17ec7046699eab4
Fixed
0dc19bca22606f7a61d5988408f74e3ae0ef3486
Fixed
3852eb9a0392eb435c03dcb47d581bcfe6a9a95b
Fixed
ccb66a3c6c8f51b3ed1bc003b70bb9ff99e8d835
Fixed
8a0ededbfcff74598f82f1d4b8ef9db28878b317
Fixed
00b67657535dfea56e84d11492f5c0f61d0af297

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-45848.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.17.0
Fixed
5.10.252
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.202
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.165
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.128
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.75
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.14
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.4

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-45848.json"