Skip to main content

Ubuntu Linux CVE-2026-47329

| EUVDEUVD-2026-32984 LOW
Improper Validation of Specified Quantity in Input (CWE-1284)
2026-05-28 canonical GHSA-m2m8-rqw7-jmqv
3.3
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
3.3 LOW
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

1
Analysis Generated
May 28, 2026 - 19:25 vuln.today

DescriptionCVE.org

Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches which fail to validate invalid sizes of the name field in AppAmor notification responses. The bug can be triggered by an unprivileged local user and could result in handling of crafted responses.

AnalysisAI

Ubuntu Linux kernel SAUCE patches (versions 6.8, 6.17, and 7.0) improperly validate the size of the name field in AppArmor notification responses, allowing a local low-privileged user to trigger handling of crafted responses with potential limited integrity impact. The vulnerability carries a CVSS score of 3.3 (Low) with a local attack vector, restricted to integrity effects only and no confidentiality or availability consequences. No public exploit has been identified at time of analysis and this vulnerability is not listed in CISA KEV.

Technical ContextAI

SAUCE (Software Applied by Ubuntu Community Engineers) patches are Ubuntu-specific kernel modifications that have not yet been merged into the mainline Linux kernel. AppArmor is a Linux Security Module (LSM) implementing mandatory access control via security profiles; it communicates with userspace through notification responses. The root cause maps to CWE-1284 (Improper Validation of Specified Quantity in Input), meaning the SAUCE patch code path that processes incoming AppArmor notification responses does not enforce bounds checking on the name field's declared size before using it. This class of bug can allow a caller to supply a size value that does not reflect the actual buffer, enabling crafted input to be processed incorrectly. Affected CPE is cpe:2.3:a:canonical:ubuntu_linux:*:*:*:*:*:*:*:* across kernel versions 6.8, 6.17, and 7.0 as shipped by Canonical.

RemediationAI

A patch is available from Canonical. The fix is tracked in the Ubuntu kernel noble branch at Launchpad commit 9ea8b64b3ad27d0501cf711efa98077998a33b14 (https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/noble/commit/?id=9ea8b64b3ad27d0501cf711efa98077998a33b14). Administrators should apply the updated kernel package from Canonical's official repositories once an Ubuntu Security Notice (USN) is published for the affected kernel versions. An exact patched package version was not independently confirmed from the available reference data - monitor Ubuntu Security Notices at ubuntu.com/security/notices for the definitive fix version. As a compensating control on systems where patching is delayed, restricting local user accounts and auditing AppArmor notification consumers can reduce exposure; however, given the low severity and local-only attack vector, the operational trade-off of disabling AppArmor notification features entirely is likely disproportionate.

Share

CVE-2026-47329 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy