In the Linux kernel, the following vulnerability has been resolved:
apparmor: avoid per-cpu hold underflow in aagetbuffer
When aagetbuffer() pulls from the per-cpu list it unconditionally decrements cache->hold. If hold reaches 0 while count is still non-zero, the unsigned decrement wraps to UINTMAX. This keeps hold non-zero for a very long time, so aaputbuffer() never returns buffers to the global list, which can starve other CPUs and force repeated kmalloc(aagpathmax) allocations.
Guard the decrement so hold never underflows.
{
"cna_assigner": "Linux",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45884.json"
}