{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-46328", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-05-13T15:03:33.112Z", "datePublished": "2026-06-09T12:25:57.629Z", "dateUpdated": "2026-06-09T12:25:57.629Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-06-09T12:25:57.629Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: fix rlimit for posix cpu timers\n\nPosix cpu timers requires an additional step beyond setting the rlimit.\nRefactor the code so its clear when what code is setting the\nlimit and conditionally update the posix cpu timers when appropriate."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["security/apparmor/resource.c"], "versions": [{"version": "baa73d9e478ff32d62f3f9422822b59dd9a95a21", "lessThan": "e1cc11550b2f66687a374536c9dfdddcefca0efe", "status": "affected", "versionType": "git"}, {"version": "baa73d9e478ff32d62f3f9422822b59dd9a95a21", "lessThan": "2232d7cd243833ad750cae656d1817fe43744a09", "status": "affected", "versionType": "git"}, {"version": "baa73d9e478ff32d62f3f9422822b59dd9a95a21", "lessThan": "28aa93fcfb33b6d580c5df4ae8b6d13fb0e6fcd3", "status": "affected", "versionType": "git"}, {"version": "baa73d9e478ff32d62f3f9422822b59dd9a95a21", "lessThan": "1f736dfe27c857b78f8461cd7c3dd9640be74b37", "status": "affected", "versionType": "git"}, {"version": "baa73d9e478ff32d62f3f9422822b59dd9a95a21", "lessThan": "e43818b16815c0c2bf933ef28316f8e704e5e0ef", "status": "affected", "versionType": "git"}, {"version": "baa73d9e478ff32d62f3f9422822b59dd9a95a21", "lessThan": "9bf1fa150775b0c6b794e4b6a2c0395e13777999", "status": "affected", "versionType": "git"}, {"version": "baa73d9e478ff32d62f3f9422822b59dd9a95a21", "lessThan": "57d51d41b90eface809b72e0e009b50546492f1f", "status": "affected", "versionType": "git"}, {"version": "baa73d9e478ff32d62f3f9422822b59dd9a95a21", "lessThan": "6ca56813f4a589f536adceb42882855d91fb1125", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["security/apparmor/resource.c"], "versions": [{"version": "4.10", "status": "affected"}, {"version": "0", "lessThan": "4.10", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.252", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.202", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.165", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.128", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.75", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.14", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.4", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.10", "versionEndExcluding": "5.10.252"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.10", "versionEndExcluding": "5.15.202"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.10", "versionEndExcluding": "6.1.165"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.10", "versionEndExcluding": "6.6.128"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.10", "versionEndExcluding": "6.12.75"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.10", "versionEndExcluding": "6.18.14"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.10", "versionEndExcluding": "6.19.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.10", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/e1cc11550b2f66687a374536c9dfdddcefca0efe"}, {"url": "https://git.kernel.org/stable/c/2232d7cd243833ad750cae656d1817fe43744a09"}, {"url": "https://git.kernel.org/stable/c/28aa93fcfb33b6d580c5df4ae8b6d13fb0e6fcd3"}, {"url": "https://git.kernel.org/stable/c/1f736dfe27c857b78f8461cd7c3dd9640be74b37"}, {"url": "https://git.kernel.org/stable/c/e43818b16815c0c2bf933ef28316f8e704e5e0ef"}, {"url": "https://git.kernel.org/stable/c/9bf1fa150775b0c6b794e4b6a2c0395e13777999"}, {"url": "https://git.kernel.org/stable/c/57d51d41b90eface809b72e0e009b50546492f1f"}, {"url": "https://git.kernel.org/stable/c/6ca56813f4a589f536adceb42882855d91fb1125"}], "title": "apparmor: fix rlimit for posix cpu timers", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: fix rlimit for posix cpu timers\n\nPosix cpu timers requires an additional step beyond setting the rlimit.\nRefactor the code so its clear when what code is setting the\nlimit and conditionally update the posix cpu timers when appropriate."}], "id": "CVE-2026-46328", "lastModified": "2026-06-09T14:16:42.500", "metrics": {}, "published": "2026-06-09T14:16:42.500", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/1f736dfe27c857b78f8461cd7c3dd9640be74b37"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2232d7cd243833ad750cae656d1817fe43744a09"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/28aa93fcfb33b6d580c5df4ae8b6d13fb0e6fcd3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/57d51d41b90eface809b72e0e009b50546492f1f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6ca56813f4a589f536adceb42882855d91fb1125"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9bf1fa150775b0c6b794e4b6a2c0395e13777999"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/e1cc11550b2f66687a374536c9dfdddcefca0efe"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/e43818b16815c0c2bf933ef28316f8e704e5e0ef"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{"bugzilla": {"description": "kernel: apparmor: fix rlimit for posix cpu timers", "id": "2487000", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487000"}, "csaw": false, "cwe": "CWE-770", "details": ["A flaw was found in the Linux kernel's AppArmor security module. The system's rlimit (resource limit) for POSIX (Portable Operating System Interface) CPU timers was not correctly enforced. This issue, stemming from an overlooked step in applying resource limits, could allow a local attacker to bypass intended CPU time restrictions, potentially leading to excessive resource consumption or a denial of service."], "name": "CVE-2026-46328", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-06-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-46328\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-46328\nhttps://lore.kernel.org/linux-cve-announce/2026060910-CVE-2026-46328-dc30@gregkh/T"]}