An out‑of‑bounds read occurs in AppArmor’s notification handling code in Ubuntu Linux kernels 6.8, 6.17 and 7.0. The bug arises from a faulty size check of an internal structure used during notification processing. The read can access data from adjacent slab objects, enabling a local user to exfiltrate sensitive information that normally resides only within protected memory regions. The weakness is classified under CWE‑125. The impact is limited to confidentiality of system memory content; there is no direct modification of system state, so integrity and availability are not directly affected.

Canonical’s Ubuntu Linux product family is affected, specifically kernel versions 6.8, 6.17 and 7.0 used in the noble release series. No other vendors or product lines are listed, so the scope is confined to Ubuntu systems running these kernel releases.

The vulnerability can be exploited locally by any unprivileged user with access to the target host. The CVSS score of 5.5 places it in the medium severity range. Because the EPSS score is not available, exploitation probability cannot be quantified, and the issue is not listed in the CISA KEV catalog. An attacker would need to trigger the notification handling path, which may be a routine operation within AppArmor profile management. While the attack is limited to information disclosure, the lack of a widely deployed patch suggests that exploitation may occur in environments that have not yet applied security updates.