Skip to main content

Ubuntu Linux CVE-2026-47330

| EUVDEUVD-2026-32985 LOW
Use of Uninitialized Variable (CWE-457)
2026-05-28 canonical GHSA-9v4h-c57q-p24f
3.3
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
3.3 LOW
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

1
Analysis Generated
May 28, 2026 - 19:25 vuln.today

DescriptionCVE.org

Ubuntu Linux 6.8, 7.17 and 7.0 contain AppArmor SAUCE patches which can, under certain circumstances, use an uninitialized variable in notification handling code. The bug can be triggered by an unprivileged local user and can result in the incorrect caching of AppArmor notification responses.

AnalysisAI

Incorrect caching of AppArmor notification responses in Ubuntu Linux kernel versions 6.8, 7.17, and 7.0 stems from an uninitialized variable (CWE-457) in Ubuntu-specific AppArmor SAUCE patch code. An unprivileged local user can trigger this bug to corrupt the AppArmor notification response cache, producing a low-severity integrity impact. No public exploit code exists and this vulnerability is not listed in the CISA KEV catalog; the CVSS score of 3.3 (Low) reflects its constrained local-only, limited-impact nature.

Technical ContextAI

AppArmor is a Linux Security Module (LSM) providing mandatory access control via profiles; Ubuntu applies additional out-of-tree 'SAUCE' patches to the upstream kernel to extend AppArmor functionality, including notification handling. CWE-457 (Use of Uninitialized Variable) occurs when a variable is read before a defined value is assigned, producing undefined behavior that in this case results in stale or garbage data being committed to a notification response cache. Affected products are identified via CPE cpe:2.3:a:canonical:ubuntu_linux:*:*:*:*:*:*:*:* and the confirmed fix commit targets the 'noble' branch (Ubuntu 24.04 LTS) on Launchpad. The kernel sub-versions 6.8, 7.17, and 7.0 refer to Ubuntu kernel package versioning for these releases. Because the vulnerable code is exclusive to Ubuntu's SAUCE patches and not present in mainline Linux, non-Ubuntu distributions are unaffected.

RemediationAI

The vendor-released patch is available from Canonical as a commit to the Ubuntu noble kernel tree (commit 9b2c6eded493fa50e7c8cd3618d7ebe1358abaab). Administrators should apply Ubuntu security kernel updates via standard package management (sudo apt-get update && sudo apt-get upgrade) to receive the fixed kernel package for the applicable release. The released patched package version is not independently confirmed from available reference data beyond the upstream commit - verify the exact fixed package version via Ubuntu Security Notices (USN) on ubuntu.com/security/notices. If patching is delayed, limiting local user access to systems where AppArmor notification policies are active reduces exposure; note this does not eliminate the bug but removes the triggering condition. Disabling AppArmor entirely is not recommended as it removes the broader MAC protection layer and represents a disproportionate trade-off for a low-severity integrity issue.

Share

CVE-2026-47330 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy