Skip to main content

Ubuntu Linux Kernel CVE-2026-47326

| EUVDEUVD-2026-32981 MEDIUM
Memory Leak (CWE-401)
2026-05-28 canonical GHSA-rpqm-wqwm-759w
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

2
Analysis Generated
May 28, 2026 - 19:26 vuln.today
CVE Published
May 28, 2026 - 18:26 nvd
MEDIUM 5.5

DescriptionCVE.org

Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a memory leak in the handling of big responses to AppArmor notifications. The bug can be triggered by an unprivileged local user. The memory leak could lead to resource exhaustion.

AnalysisAI

Memory exhaustion via AppArmor notification handling affects Ubuntu Linux kernel versions carrying Ubuntu-specific SAUCE patches (6.8, 6.17, 7.0). An unprivileged local user can trigger a memory leak by eliciting large responses to AppArmor userspace notifications, repeatedly consuming kernel memory without release. No active exploitation confirmed (not in CISA KEV) and no public exploit code identified, but the low-privilege local trigger lowers the bar for insider or co-tenant abuse in multi-user and container environments.

Technical ContextAI

The vulnerability resides in Ubuntu's SAUCE patch layer - Ubuntu-specific kernel modifications not present in mainline Linux - specifically in the AppArmor Linux Security Module's notification subsystem. AppArmor userspace notifications allow applications to receive and respond to security policy events; when those responses are large ('big responses'), the kernel code path fails to release allocated memory, constituting a classic CWE-401 (Missing Release of Memory after Effective Lifetime) defect. The affected CPE is cpe:2.3:a:canonical:ubuntu_linux covering kernel versions 6.8, 6.17, and 7.0 as shipped by Canonical. Because SAUCE patches are Ubuntu-proprietary, this bug does not affect upstream or other distribution kernels.

RemediationAI

Apply the upstream fix commit available in the Ubuntu kernel noble branch at https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/noble/commit/?id=8d858ecb7e2e216ca2987302a04c266f2355fefe. This is a source-level commit fix; an exact released kernel package version incorporating this fix has not been independently confirmed from the available data, so monitor Ubuntu Security Notices (USN) for a corresponding kernel package update for Ubuntu 24.04 LTS. As a compensating control prior to patching, administrators can restrict access to AppArmor notification features by limiting which users or processes can interact with AppArmor's notify socket (e.g., via namespace isolation or seccomp profiles), though this may break applications relying on AppArmor userspace notification policies. On systems where AppArmor notify functionality is not required, disabling the notify feature reduces attack surface with no operational impact to standard AppArmor policy enforcement.

Share

CVE-2026-47326 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy