CVE-2026-47333

HIGH

Out-of-bounds read in Ubuntu Linux AppArmor notification handling

Title source: cna

Description

Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which can potentially incorrectly compute the size of an internal buffer, leading to a heap memory out-of-bounds read in notification handling code. The bug can be triggered by an unprivileged local user and can result in invalid data being processed by the AppArmor DFA policy engine.

References (1)

Core 1

Core References

Patch patch

https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/noble/commit/?id=635fa30ed9e944bdb7e811fb8a8906286b4b4f06

Scores

CVSS v3 7.8

EPSS 0.0011

EPSS Percentile 1.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-125

Status published

Products (6)

Canonical/Ubuntu Linux 6.17.0 - 6.17.0-35.35

Canonical/Ubuntu Linux 6.8.0 - 6.8.0-124.124

Canonical/Ubuntu Linux 7.0.0 - 7.0.0-22.22

canonical/ubuntu_linux 24.04

canonical/ubuntu_linux 25.10

canonical/ubuntu_linux 26.04

Published May 28, 2026

Tracked Since May 29, 2026