Skip to main content

Ubuntu Linux CVE-2026-47328

| EUVDEUVD-2026-32983 MEDIUM
Free of Memory not on the Heap (CWE-590)
2026-05-28 canonical GHSA-5x7q-wm95-r63c
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
High

Lifecycle Timeline

2
Analysis Generated
May 28, 2026 - 19:26 vuln.today
CVE Published
May 28, 2026 - 18:27 nvd
MEDIUM 6.1

DescriptionCVE.org

Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly attempt to free a pointer which was not previously kmalloc()d, while at the same time leaking allocated memory. The bug can be triggered by an unprivileged local user and can result in the corruption of slab metadata and could lead to resource exhaustion.

AnalysisAI

Ubuntu Linux kernels 6.8, 6.17, and 7.0 ship Ubuntu-specific AppArmor SAUCE patches that incorrectly call kfree() on a pointer never allocated via kmalloc(), while simultaneously leaking the legitimately allocated memory. Any unprivileged local user can trigger this kernel memory management flaw, corrupting slab allocator metadata and driving the system toward resource exhaustion or instability. No public exploit code exists and no CISA KEV listing is present at time of analysis; however, CVSS rates availability impact as High given the potential for kernel-level denial of service.

Technical ContextAI

The flaw resides in Ubuntu's SAUCE (Software Applied by Ubuntu Canonical Engineers) patches layered atop the AppArmor Linux Security Module. CWE-590 (Free of Memory Not on the Heap) precisely describes the root cause: kfree() is invoked on a pointer that was never returned by the kernel's slab allocator (kmalloc()), violating a fundamental invariant of SLUB/SLAB memory management. Freeing such a pointer causes the slab allocator to write bookkeeping data into arbitrary memory, corrupting metadata structures used by every subsequent kernel allocation. The concurrent memory leak - where the original kmalloc'd buffer is abandoned without being freed - compounds degradation over time by progressively consuming non-reclaimable kernel memory. The affected CPE is cpe:2.3:a:canonical:ubuntu_linux:*:*:*:*:*:*:*:* at kernel versions 6.8, 6.17, and 7.0. This bug is entirely Ubuntu-specific: upstream Linux kernels and non-Ubuntu distributions do not carry these SAUCE patches and are unaffected.

RemediationAI

Apply the vendor-released kernel patch from Canonical by running apt-get update followed by apt-get upgrade on affected Ubuntu systems, then rebooting into the updated kernel. The upstream fix is available at the Ubuntu noble kernel Launchpad repository (commit 7f3c4902c39432ce7ea0d384cb70eba282247fac: https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/noble/commit/?id=7f3c4902c39432ce7ea0d384cb70eba282247fac). The exact patched ubuntu package version has not been confirmed in the available data - monitor Ubuntu Security Notices (USN) at ubuntu.com/security/notices for the official advisory and patched package identifiers. As a compensating control on systems where immediate patching is not feasible, restrict shell access to trusted users only, since the attack requires a local session (PR:L); this reduces exposure but does not eliminate the vulnerability. Disabling AppArmor as a workaround is strongly discouraged, as it removes a mandatory access control layer and introduces a broader security regression.

Share

CVE-2026-47328 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy