Description
Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly sleep while holding a spinlock in notification handling code. The bug can be triggered by an unprivileged local user and can result in kernel panic or deadlock.
Published: 2026-05-28
Score: 5.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An AppArmor SAUCE patch within the Ubuntu kernel incorrectly causes the system to sleep while a spinlock is held during notification handling, which can lead to a deadlock or kernel panic. The flaw permits an unprivileged local user to trigger the bug via normal interactions with AppArmor, resulting in the kernel halting. The weakness matches CWE‑833, illustrating improper synchronization leading to resource starvation.

Affected Systems

The vulnerability affects Canonical’s Ubuntu Linux kernels 6.8, 6.17, and 7.0. Systems running these kernel releases are susceptible because the AppArmor SAUCE patch is present and exhibits the faulty sleep behavior.

Risk and Exploitability

With a CVSS base score of 5.5 the risk is moderate, and the issue is not listed in the CISA KEV catalog nor does it have an EPSS score provided. The attack requires only local execution by an unprivileged user, so the likelihood in a typical environment is low to moderate, but if compromised users can trigger the bug the result would be a denial of service via kernel panic or deadlock.

Generated by OpenCVE AI on May 28, 2026 at 20:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the system to the latest available Ubuntu kernel version that includes the fix for the AppArmor SAUCE sleep bug.
  • Reload the AppArmor profiles or restart the AppArmor service against the updated kernel to ensure the correct modules are in use.
  • Configure the system to automatically reboot or alert administrators upon a kernel panic to reduce downtime.

Generated by OpenCVE AI on May 28, 2026 at 20:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 28 May 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 28 May 2026 19:00:00 +0000

Type Values Removed Values Added
Description Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly sleep while holding a spinlock in notification handling code. The bug can be triggered by an unprivileged local user and can result in kernel panic or deadlock.
Title Deadlock or kernel panic in Ubuntu Linux AppArmor notification handling
Weaknesses CWE-833
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: canonical

Published:

Updated: 2026-05-28T19:23:51.066Z

Reserved: 2026-05-19T10:37:36.433Z

Link: CVE-2026-47334

cve-icon Vulnrichment

Updated: 2026-05-28T19:23:45.474Z

cve-icon NVD

Status : Received

Published: 2026-05-28T19:16:42.203

Modified: 2026-05-28T19:16:42.203

Link: CVE-2026-47334

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-28T20:30:25Z

Weaknesses