CVE-2026-45966
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk2th percentile - higher than 2% of all known CVEs
Summary
A vulnerability has been identified in the Linux kernel within AppArmor, leading to a NULL pointer dereference in the __unix_needs_revalidation function. This issue occurs when receiving file descriptors via SCM_RIGHTS, where both the socket and sk pointers may be NULL.
Risk Assessment
This vulnerability may lead to system crashes, threatening the stability and security of the operating environment. If exploited, an attacker could cause unpredictable system behavior.
Recommendation
It is recommended to update the Linux kernel to a version that includes fixes for this vulnerability. Additionally, an audit of the AppArmor configuration should be conducted to ensure that all pointers are properly checked before use.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix NULL pointer dereference in __unix_needs_revalidation When receiving file descriptors via SCM_RIGHTS, both the socket pointer and the socket's sk pointer can be NULL during socket setup or teardown, causing NULL pointer dereferences in __unix_needs_revalidation(). This is a regression in AppArmor 5.0.0 (kernel 6.17+) where the new __unix_needs_revalidation() function was added without proper NULL checks. The crash manifests as: BUG: kernel NULL pointer dereference, address: 0x0000000000000018 RIP: aa_file_perm+0xb7/0x3b0 (or +0xbe/0x3b0, +0xc0/0x3e0) Call Trace: apparmor_file_receive+0x42/0x80 security_file_receive+0x2e/0x50 receive_fd+0x1d/0xf0 scm_detach_fds+0xad/0x1c0 The function dereferences sock->sk->sk_family without checking if either sock or sock->sk is NULL first. Add NULL checks for both sock and sock->sk before accessing sk_family.

