Description
Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly attempt to free a pointer which was not previously kmalloc()d, while at the same time leaking allocated memory. The bug can be triggered by an unprivileged local user and can result in the corruption of slab metadata and could lead to resource exhaustion.
Published: 2026-05-28
Score: 6.1 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability originates in the AppArmor SAUCE patches in Ubuntu Linux kernels 6.8, 6.17, and 7.0, where the code attempts to free a pointer that was not allocated by kmalloc. This incorrect deallocation corrupts slab metadata and leaks allocated memory, allowing an unprivileged local user to trigger the bug. The resulting memory corruption can cause resource exhaustion or further kernel instability.

Affected Systems

Affected systems are Canonical Ubuntu Linux systems running kernel version 6.8, 6.17, or 7.0. The issue exists in the AppArmor SAUCE patches applied to those kernel releases.

Risk and Exploitability

The CVSS score of 6.1 indicates medium severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is local; an unprivileged user must execute code on the affected machine to trigger the bug. Exploitation could lead to kernel memory corruption and denial of service by exhausting system resources, but the requirement for local access limits its threat scope to compromised or poorly managed systems.

Generated by OpenCVE AI on May 28, 2026 at 20:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the kernel to a patched release (e.g., 6.8.1 or later, 6.17.1 or later, or 7.0.1 or later) and reboot the system
  • Apply any available security updates that contain the AppArmor SAUCE patch from Canonical’s package repositories
  • If immediate kernel updates are unavailable, restrict local user privileges so they cannot trigger AppArmor notification handling (e.g., remove write or execute permissions for local policy files)
  • Monitor kernel logs for signs of slab corruption or OOM events and address anomalies promptly


Advisories

No advisories yet.

History

Thu, 28 May 2026 20:30:00 +0000

Values Removed: none
Values Added:

  • Metrics (ssvc): {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 28 May 2026 19:00:00 +0000

Values Removed: none
Values Added:

  • Description: Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly attempt to free a pointer which was not previously kmalloc()d, while at the same time leaking allocated memory. The bug can be triggered by an unprivileged local user and can result in the corruption of slab metadata and could lead to resource exhaustion.
  • Title: Invalid pointer deallocation in Ubuntu Linux AppArmor notification handling
  • Weaknesses: CWE-590
  • References
  • Metrics (cvssV3_1): {'score': 6.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H'}


MITRE

Status: PUBLISHED

Assigner: canonical

Published:

Updated: 2026-05-28T19:25:13.160Z

Reserved: 2026-05-19T10:37:36.433Z

Link: CVE-2026-47328

Vulnrichment

Updated: 2026-05-28T19:25:08.685Z

NVD

Status: Received

Published: 2026-05-28T19:16:40.687

Modified: 2026-05-28T19:16:40.687

Link: CVE-2026-47328

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-28T20:30:25Z
