Description
Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches which fail to validate invalid sizes of the name field in AppAmor notification responses. The bug can be triggered by an unprivileged local user and could result in handling of crafted responses.
Published: 2026-05-28
Score: 3.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Ubuntu Linux kernel versions 6.8, 6.17, and 7.0 contain SAUCE patches that do not properly validate the size of the name field in AppArmor notification responses. When an unprivileged local user sends a crafted notification with an invalid size, the kernel may process the response incorrectly, which could lead to unexpected kernel behavior. The impact is limited to the handling of the notification; no direct data disclosure or execution is indicated by the CVE data.

Affected Systems

Canonical's Ubuntu Linux operating system, specifically kernel releases 6.8, 6.17, and 7.0.

Risk and Exploitability

The CVSS score of 3.3 indicates a low severity vulnerability. The EPSS score is not available and the CVE is not listed in the CISA KEV catalog, suggesting a modest likelihood of exploitation. The inferred attack vector is local, requiring an unprivileged user to craft a malformed notification. No public exploit evidence is reported, but the flaw could be used by local attackers to disrupt kernel operations if additional weaknesses are present.

Generated by OpenCVE AI on May 28, 2026 at 21:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Ubuntu kernel to a version that includes the SAUCE patch for releases 6.8, 6.17, or 7.0.
  • If an immediate kernel upgrade is not possible, reduce AppArmor enforcement to "complain" mode to avoid kernel processing of notification responses.
  • Monitor system logs for AppArmor notification activity and review any abnormal behavior.

Generated by OpenCVE AI on May 28, 2026 at 21:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Ubuntu USN Ubuntu USN USN-8370-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-8371-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-8373-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-8374-1 Linux kernel vulnerabilities
History

Tue, 09 Jun 2026 14:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:canonical:ubuntu_linux:24.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:25.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:26.04:*:*:*:*:*:*:*

Thu, 28 May 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Canonical
Canonical ubuntu Linux
Vendors & Products Canonical
Canonical ubuntu Linux

Thu, 28 May 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 28 May 2026 19:00:00 +0000

Type Values Removed Values Added
Description Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches which fail to validate invalid sizes of the name field in AppAmor notification responses. The bug can be triggered by an unprivileged local user and could result in handling of crafted responses.
Title Incorrect validation of field size in Ubuntu Linux AppArmor notification responses
Weaknesses CWE-1284
References
Metrics cvssV3_1

{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}

Subscriptions

Canonical Ubuntu Linux
cve-icon MITRE

Status: PUBLISHED

Assigner: canonical

Published:

Updated: 2026-05-28T19:24:59.869Z

Reserved: 2026-05-19T10:37:36.433Z

Link: CVE-2026-47329

cve-icon Vulnrichment

Updated: 2026-05-28T19:24:54.886Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-28T19:16:41.020

Modified: 2026-06-09T14:32:29.930

Link: CVE-2026-47329

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-28T21:45:27Z

Weaknesses
  • CWE-1284

    Improper Validation of Specified Quantity in Input