Skip to main content

Ubuntu Linux CVE-2026-47327

| EUVDEUVD-2026-32982 LOW
NULL Pointer Dereference (CWE-476)
2026-05-28 canonical GHSA-mc7m-mf78-qjmx
3.3
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
3.3 LOW
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

1
Analysis Generated
May 28, 2026 - 19:26 vuln.today

DescriptionCVE.org

Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AppArmor notifications. The bug can be triggered by an unprivileged local user. This can lead to a kernel oops.

AnalysisAI

NULL pointer dereference in Ubuntu Linux kernel versions 6.8, 6.17, and 7.0 allows a local unprivileged user to crash the kernel via the AppArmor notification handling path. The flaw exists exclusively in Ubuntu-specific SAUCE patches layered on top of the upstream Linux kernel, meaning only Ubuntu kernels carrying these versions are affected - not upstream Linux or other distributions. No public exploit code or active exploitation has been identified at time of analysis; the impact is limited to a kernel oops (availability loss, CVSS A:L), with no confidentiality or integrity impact.

Technical ContextAI

SAUCE (Support, Accuracy, Ubuntu, Compatibility, Extensibility) patches are Ubuntu-specific modifications applied to the Linux kernel that are not present in upstream kernel releases. This vulnerability resides in the AppArmor LSM (Linux Security Module) notification subsystem within those SAUCE patches. CWE-476 (NULL Pointer Dereference) indicates the kernel attempts to dereference a pointer that has not been initialized or has been set to NULL, resulting in a kernel oops - an unhandled exception that may halt or restart the affected system. The affected CPE is cpe:2.3:a:canonical:ubuntu_linux:*:*:*:*:*:*:*:*, covering Ubuntu Linux kernel builds at versions 6.8, 6.17, and 7.0. The Launchpad patch reference targets the 'noble' branch, which corresponds to Ubuntu 24.04 LTS.

RemediationAI

Apply the upstream fix available from Canonical's Launchpad repository for the noble branch (commit 7f3c4902c39432ce7ea0d384cb70eba282247fac) at https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/noble/commit/?id=7f3c4902c39432ce7ea0d384cb70eba282247fac. Users running affected Ubuntu kernel versions 6.8, 6.17, or 7.0 should monitor for patched kernel package releases from Canonical via the standard Ubuntu security update channel and apply via 'apt update && apt upgrade' once available; a reboot is required for kernel updates to take effect. A released patched package version number has not been independently confirmed from available data - watch Ubuntu Security Notices (USN) for the formal advisory. As a compensating control, restricting interactive shell access to trusted users only limits the attack surface, since exploitation requires a local low-privileged account; this does not eliminate the vulnerability but reduces exposure on multi-tenant systems.

Share

CVE-2026-47327 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy