Description
Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which can potentially incorrectly compute the size of an internal buffer, leading to a heap memory out-of-bounds read in notification handling code. The bug can be triggered by an unprivileged local user and can result in invalid data being processed by the AppArmor DFA policy engine.
Published: 2026-05-28
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An incorrect buffer size calculation in the AppArmor SAUCE patches of Ubuntu Linux kernels 6.8, 6.17, and 7.0 enables a heap out‑of‑bounds read during notification handling. The flaw allows an unprivileged local user to read arbitrary heap data, which is then passed to the AppArmor DFA policy engine. This can expose sensitive information or corrupt policy evaluation, thereby compromising the confidentiality of local data and the integrity of the AppArmor decision engine.

Affected Systems

The vulnerability impacts Canonical Ubuntu Linux systems that incorporate kernel versions 6.8, 6.17, or 7.0 with the AppArmor SAUCE patches. No additional sub‑version constraints are listed, so all builds containing these kernel releases are affected.

Risk and Exploitability

The CVSS score of 7.8 indicates high severity, while the EPSS score is unavailable, so the exploitation probability cannot be quantified. The vulnerability is not listed in the CISA KEV catalog, suggesting no publicly documented exploits. Attackers must execute the flaw from a local account without elevated privileges; no external or privilege escalation vector is required. Triggering the notification handling path to read beyond the buffer boundary is the core exploitation technique, achievable by interacting with AppArmor policies or related processes.

Generated by OpenCVE AI on May 28, 2026 at 20:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Ubuntu Linux kernel to a version that incorporates the AppArmor SAUCE patch fix. This may involve installing the latest kernel update available from Canonical’s repositories.
  • If a kernel upgrade is not immediately possible, consider temporarily disabling AppArmor until the patch is applied, as the bug occurs only during AppArmor notification handling.
  • Continuously monitor system logs (e.g., journalctl or /var/log/kern.log) for AppArmor errors or abnormal reads that could indicate exploitation attempts.

Generated by OpenCVE AI on May 28, 2026 at 20:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 28 May 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Canonical
Canonical ubuntu Linux
Vendors & Products Canonical
Canonical ubuntu Linux

Thu, 28 May 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 28 May 2026 19:00:00 +0000

Type Values Removed Values Added
Description Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which can potentially incorrectly compute the size of an internal buffer, leading to a heap memory out-of-bounds read in notification handling code. The bug can be triggered by an unprivileged local user and can result in invalid data being processed by the AppArmor DFA policy engine.
Title Out-of-bounds read in Ubuntu Linux AppArmor notification handling
Weaknesses CWE-125
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Canonical Ubuntu Linux
cve-icon MITRE

Status: PUBLISHED

Assigner: canonical

Published:

Updated: 2026-05-28T19:24:05.684Z

Reserved: 2026-05-19T10:37:36.433Z

Link: CVE-2026-47333

cve-icon Vulnrichment

Updated: 2026-05-28T19:23:59.983Z

cve-icon NVD

Status : Received

Published: 2026-05-28T19:16:42.073

Modified: 2026-05-28T19:16:42.073

Link: CVE-2026-47333

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-28T20:30:25Z

Weaknesses