CVE-2026-47330

LOW

Use of uninitialized value in Ubuntu Linux AppArmor notification handling

Title source: cna
STIX 2.1

Description

Ubuntu Linux 6.8, 7.17 and 7.0 contain AppArmor SAUCE patches which can, under certain circumstances, use an uninitialized variable in notification handling code. The bug can be triggered by an unprivileged local user and can result in the incorrect caching of AppArmor notification responses.

References (1)

Core 1

Scores

CVSS v3 3.3
EPSS 0.0009
EPSS Percentile 0.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-457
Status published
Products (6)
Canonical/Ubuntu Linux 6.17.0 - 6.17.0-35.35
Canonical/Ubuntu Linux 6.8.0 - 6.8.0-124.124
Canonical/Ubuntu Linux 7.0.0 - 7.0.0-22.22
canonical/ubuntu_linux 24.04
canonical/ubuntu_linux 25.10
canonical/ubuntu_linux 26.04
Published May 28, 2026
Tracked Since May 29, 2026