CVE-2026-47329

LOW

Incorrect validation of field size in Ubuntu Linux AppArmor notification responses

Title source: cna

Description

Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches which fail to validate invalid sizes of the name field in AppAmor notification responses. The bug can be triggered by an unprivileged local user and could result in handling of crafted responses.

References (1)

Core 1

Core References

Patch patch

https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/noble/commit/?id=9ea8b64b3ad27d0501cf711efa98077998a33b14

Scores

CVSS v3 3.3

EPSS 0.0009

EPSS Percentile 0.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-1284

Status published

Products (6)

Canonical/Ubuntu Linux 6.17.0 - 6.17.0-35.35

Canonical/Ubuntu Linux 6.8.0 - 6.8.0-124.124

Canonical/Ubuntu Linux 7.0.0 - 7.0.0-22.22

canonical/ubuntu_linux 24.04

canonical/ubuntu_linux 25.10

canonical/ubuntu_linux 26.04

Published May 28, 2026

Tracked Since May 29, 2026