Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Lifecycle Timeline
2DescriptionCVE.org
Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly attempt to free a pointer which was not previously kmalloc()d, while at the same time leaking allocated memory. The bug can be triggered by an unprivileged local user and can result in the corruption of slab metadata and could lead to resource exhaustion.
AnalysisAI
Ubuntu Linux kernels 6.8, 6.17, and 7.0 ship Ubuntu-specific AppArmor SAUCE patches that incorrectly call kfree() on a pointer never allocated via kmalloc(), while simultaneously leaking the legitimately allocated memory. Any unprivileged local user can trigger this kernel memory management flaw, corrupting slab allocator metadata and driving the system toward resource exhaustion or instability. No public exploit code exists and no CISA KEV listing is present at time of analysis; however, CVSS rates availability impact as High given the potential for kernel-level denial of service.
Technical ContextAI
The flaw resides in Ubuntu's SAUCE (Software Applied by Ubuntu Canonical Engineers) patches layered atop the AppArmor Linux Security Module. CWE-590 (Free of Memory Not on the Heap) precisely describes the root cause: kfree() is invoked on a pointer that was never returned by the kernel's slab allocator (kmalloc()), violating a fundamental invariant of SLUB/SLAB memory management. Freeing such a pointer causes the slab allocator to write bookkeeping data into arbitrary memory, corrupting metadata structures used by every subsequent kernel allocation. The concurrent memory leak - where the original kmalloc'd buffer is abandoned without being freed - compounds degradation over time by progressively consuming non-reclaimable kernel memory. The affected CPE is cpe:2.3:a:canonical:ubuntu_linux:*:*:*:*:*:*:*:* at kernel versions 6.8, 6.17, and 7.0. This bug is entirely Ubuntu-specific: upstream Linux kernels and non-Ubuntu distributions do not carry these SAUCE patches and are unaffected.
RemediationAI
Apply the vendor-released kernel patch from Canonical by running apt-get update followed by apt-get upgrade on affected Ubuntu systems, then rebooting into the updated kernel. The upstream fix is available at the Ubuntu noble kernel Launchpad repository (commit 7f3c4902c39432ce7ea0d384cb70eba282247fac: https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/noble/commit/?id=7f3c4902c39432ce7ea0d384cb70eba282247fac). The exact patched ubuntu package version has not been confirmed in the available data - monitor Ubuntu Security Notices (USN) at ubuntu.com/security/notices for the official advisory and patched package identifiers. As a compensating control on systems where immediate patching is not feasible, restrict shell access to trusted users only, since the attack requires a local session (PR:L); this reduces exposure but does not eliminate the vulnerability. Disabling AppArmor as a workaround is strongly discouraged, as it removes a mandatory access control layer and introduces a broader security regression.
Same weakness CWE-590 – Free of Memory not on the Heap
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-32983
GHSA-5x7q-wm95-r63c