Description
Ubuntu Linux 6.8 contains AppArmor SAUCE patches which fail to acquire a lock when modifying a linked list. An unprivileged local user could trigger the race condition that can lead to a use-after-free (UAF) and, theoretically, arbitrary code execution.
Published: 2026-05-28
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Ubuntu Linux kernel 6.8 contains a race condition in the AppArmor SAUCE notification handling code. When the code modifies a linked list it fails to acquire the necessary lock, allowing an unprivileged local user to trigger a use‑after‑free. If exploited, the attacker could potentially execute arbitrary code with the privileges of the affected process, undermining confidentiality, integrity, and availability of the system.

Affected Systems

The vulnerability is present in Canonical’s Ubuntu Linux distribution, specifically in the 6.8 kernel series. Users of this kernel, especially those running unprivileged local accounts, are susceptible until the patch is applied.

Risk and Exploitability

The CVSS score is 7.8, indicating a high severity. The EPSS score is not available, so the likelihood of opportunistic exploitation cannot be precisely quantified, but the vulnerability is not currently listed in the CISA KEV catalogue. Because the attack requires local execution, a compromised or malicious local user can trigger the race condition; the lack of a proper lock on the linked list provides the necessary window for the use‑after‑free.

Generated by OpenCVE AI on May 28, 2026 at 20:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the kernel to a version that includes the AppArmor SAUCE fixes, such as the latest Ubuntu 6.8 patch release.
  • If a kernel update is not yet available, consider disabling SAUCE or removing the affected notification handler via kernel module removal or disabling AppArmor SAUCE through sysctl to reduce the attack surface.
  • Audit and restrict local user privileges to minimize the ability to trigger notifications, enforce least‑privilege practices, and monitor logs for anomalous AppArmor activity.

Generated by OpenCVE AI on May 28, 2026 at 20:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 28 May 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Canonical
Canonical ubuntu Linux
Vendors & Products Canonical
Canonical ubuntu Linux

Thu, 28 May 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 28 May 2026 19:00:00 +0000

Type Values Removed Values Added
Description Ubuntu Linux 6.8 contains AppArmor SAUCE patches which fail to acquire a lock when modifying a linked list. An unprivileged local user could trigger the race condition that can lead to a use-after-free (UAF) and, theoretically, arbitrary code execution.
Title Use-after-free in Ubuntu Linux AppArmor notification handling
Weaknesses CWE-416
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Canonical Ubuntu Linux
cve-icon MITRE

Status: PUBLISHED

Assigner: canonical

Published:

Updated: 2026-05-28T19:24:32.303Z

Reserved: 2026-05-19T10:37:36.433Z

Link: CVE-2026-47331

cve-icon Vulnrichment

Updated: 2026-05-28T19:24:27.828Z

cve-icon NVD

Status : Received

Published: 2026-05-28T19:16:41.757

Modified: 2026-05-28T19:16:41.757

Link: CVE-2026-47331

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-28T20:30:25Z

Weaknesses