Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
1DescriptionCVE.org
Ubuntu Linux 6.8, 7.17 and 7.0 contain AppArmor SAUCE patches which can, under certain circumstances, use an uninitialized variable in notification handling code. The bug can be triggered by an unprivileged local user and can result in the incorrect caching of AppArmor notification responses.
AnalysisAI
Incorrect caching of AppArmor notification responses in Ubuntu Linux kernel versions 6.8, 7.17, and 7.0 stems from an uninitialized variable (CWE-457) in Ubuntu-specific AppArmor SAUCE patch code. An unprivileged local user can trigger this bug to corrupt the AppArmor notification response cache, producing a low-severity integrity impact. No public exploit code exists and this vulnerability is not listed in the CISA KEV catalog; the CVSS score of 3.3 (Low) reflects its constrained local-only, limited-impact nature.
Technical ContextAI
AppArmor is a Linux Security Module (LSM) providing mandatory access control via profiles; Ubuntu applies additional out-of-tree 'SAUCE' patches to the upstream kernel to extend AppArmor functionality, including notification handling. CWE-457 (Use of Uninitialized Variable) occurs when a variable is read before a defined value is assigned, producing undefined behavior that in this case results in stale or garbage data being committed to a notification response cache. Affected products are identified via CPE cpe:2.3:a:canonical:ubuntu_linux:*:*:*:*:*:*:*:* and the confirmed fix commit targets the 'noble' branch (Ubuntu 24.04 LTS) on Launchpad. The kernel sub-versions 6.8, 7.17, and 7.0 refer to Ubuntu kernel package versioning for these releases. Because the vulnerable code is exclusive to Ubuntu's SAUCE patches and not present in mainline Linux, non-Ubuntu distributions are unaffected.
RemediationAI
The vendor-released patch is available from Canonical as a commit to the Ubuntu noble kernel tree (commit 9b2c6eded493fa50e7c8cd3618d7ebe1358abaab). Administrators should apply Ubuntu security kernel updates via standard package management (sudo apt-get update && sudo apt-get upgrade) to receive the fixed kernel package for the applicable release. The released patched package version is not independently confirmed from available reference data beyond the upstream commit - verify the exact fixed package version via Ubuntu Security Notices (USN) on ubuntu.com/security/notices. If patching is delayed, limiting local user access to systems where AppArmor notification policies are active reduces exposure; note this does not eliminate the bug but removes the triggering condition. Disabling AppArmor entirely is not recommended as it removes the broader MAC protection layer and represents a disproportionate trade-off for a low-severity integrity issue.
Same weakness CWE-457 – Use of Uninitialized Variable
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-32985
GHSA-9v4h-c57q-p24f