Skip to main content

Ubuntu Linux CVE-2026-47332

| EUVDEUVD-2026-32987 MEDIUM
Out-of-bounds Read (CWE-125)
2026-05-28 canonical GHSA-4hmr-4vjc-3rg2
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
May 28, 2026 - 19:25 vuln.today
CVE Published
May 28, 2026 - 18:28 nvd
MEDIUM 5.5

DescriptionCVE.org

Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly validate the size of an internal structure, leading to an out-of-bounds read in notification handling code. The bug can be triggered by an unprivileged local user and can result in information disclosure from adjacent slab objects.

AnalysisAI

Out-of-bounds read in Ubuntu Linux kernels 6.8, 6.17, and 7.0 exposes adjacent slab allocator memory to any local low-privileged user. The flaw originates in Canonical's Ubuntu-specific AppArmor SAUCE patches, which incorrectly validate the size of an internal structure during notification handling, enabling controlled reads past the intended memory boundary. No public exploit identified at time of analysis, and exploitation is strictly local; however, C:H in the CVSS vector confirms that successful exploitation can yield high-sensitivity kernel or cross-process data from slab neighbors.

Technical ContextAI

The vulnerable code resides in Ubuntu-specific AppArmor 'SAUCE' patches - downstream kernel modifications maintained by Canonical and not present in upstream Linux. CWE-125 (Out-of-Bounds Read) is the root cause class: a size validation check on an internal AppArmor structure is performed incorrectly, allowing the notification handling code path to read beyond its allocated slab object into adjacent kernel memory. Linux slab allocators (SLUB/SLAB) pack objects contiguously, so an out-of-bounds read can leak data from neighboring objects belonging to any kernel subsystem or user process. The CPE cpe:2.3:a:canonical:ubuntu_linux:*:*:*:*:*:*:*:* confirms this is a Canonical-maintained artifact, not an upstream kernel defect. The tags note 'Buffer Overflow' alongside 'Information Disclosure', but the CVSS vector (I:N/A:N) and CWE-125 classification confirm this is a read-only overread, not a write primitive.

RemediationAI

Apply the vendor-supplied fix available as Launchpad commit 0418e5f61b55465f19245705bce6590c807fc9f2 in the Ubuntu noble kernel git repository (https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/noble/commit/?id=0418e5f61b55465f19245705bce6590c807fc9f2). Patch availability is confirmed per vendor (Canonical), but an exact released package version (e.g., linux-image-X.X.X-XX) is not independently confirmed from available data - monitor Ubuntu Security Notices (USN) for the official patched kernel package corresponding to your Ubuntu release. As a compensating control prior to patching, restrict local shell access to trusted users on affected systems, since exploitation requires local authenticated access (AV:L/PR:L); this does not eliminate the vulnerability but substantially limits the attacker pool. Disabling AppArmor notification functionality may serve as an additional workaround if operationally feasible, though this would degrade AppArmor policy enforcement capability and should be evaluated against the security trade-off.

Share

CVE-2026-47332 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy