CVE-2026-45884

Source
https://cve.org/CVERecord?id=CVE-2026-45884
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-45884.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-45884
Downstream
Published
2026-05-27T12:16:56.542Z
Modified
2026-06-27T11:55:04.023730271Z
Summary
apparmor: avoid per-cpu hold underflow in aa_get_buffer
Details

In the Linux kernel, the following vulnerability has been resolved:

apparmor: avoid per-cpu hold underflow in aagetbuffer

When aagetbuffer() pulls from the per-cpu list it unconditionally decrements cache->hold. If hold reaches 0 while count is still non-zero, the unsigned decrement wraps to UINTMAX. This keeps hold non-zero for a very long time, so aaputbuffer() never returns buffers to the global list, which can starve other CPUs and force repeated kmalloc(aagpathmax) allocations.

Guard the decrement so hold never underflows.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45884.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
ea9bae12d02819556db63348db8bd8441eb316f2
Fixed
202824a1f89a9786c20a3d646a7c88d223abb1b2
Fixed
80c334acc6d0bee8605a358a33e69b4aea1ffb92
Fixed
4bcddd0f6b2e52b4c7b520e4d36a115caf5b7169
Fixed
640cf2f09575c9dc344b3f7be2498d31e3923ead

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-45884.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.75
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.14
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.4

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-45884.json"