Skip to main content

Ubuntu Linux CVE-2026-47335

| EUVDEUVD-2026-32990 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-05-28 canonical GHSA-vhq6-qfmv-qf42
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

2
Analysis Generated
May 28, 2026 - 19:24 vuln.today
CVE Published
May 28, 2026 - 18:28 nvd
MEDIUM 5.5

DescriptionCVE.org

Ubuntu Linux 6.8 contains SAUCE patches with a possible NULL pointer dereference in the handling of AppArmor notifications. The bug can be triggered by an unprivileged local user. This can lead to a kernel panic.

AnalysisAI

Kernel panic via NULL pointer dereference in Ubuntu Linux 6.8's AppArmor notification handler allows a locally authenticated, unprivileged user to crash the system. The flaw resides in Ubuntu-specific SAUCE patches - out-of-tree modifications maintained by Canonical - meaning the vulnerable code path does not exist in upstream mainline kernels. With a CVSS score of 5.5 and an availability-only impact, the practical consequence is a local denial-of-service: any low-privilege user with shell access can force a kernel panic. No active exploitation has been confirmed by CISA KEV and no public exploit code has been identified at time of analysis.

Technical ContextAI

CWE-476 (NULL Pointer Dereference) describes the root cause: a code path in the AppArmor Linux Security Module's notification subsystem fails to validate a pointer before dereferencing it, triggering a kernel panic when the pointer is NULL. AppArmor is the mandatory access control framework enabled by default on Ubuntu systems. The vulnerable code is exclusive to Canonical's SAUCE (Sauce Applies Ubuntu Changes Everywhere) patch series carried in the Ubuntu 6.8 kernel tree for Noble (Ubuntu 24.04 LTS), as indicated by the 'noble' branch reference in the Launchpad commit URL. Because SAUCE patches are Ubuntu-specific additions not yet merged upstream, distributions tracking mainline Linux 6.8 are unaffected. The CPE string cpe:2.3:a:canonical:ubuntu_linux:*:*:*:*:*:*:*:* covers Canonical's Ubuntu Linux product family broadly; the specific kernel version impacted is the 6.8 series shipping with Ubuntu Noble.

RemediationAI

The primary fix is to apply the patched Ubuntu kernel provided by Canonical. The upstream fix commit is available at https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/noble/commit/?id=406571d530ccdbae6119fe64ce9cf5c74160f20b for the Noble (Ubuntu 24.04 LTS) kernel tree; however, the exact packaged kernel release version incorporating this fix has not been independently confirmed from a tagged release - monitor Ubuntu Security Notices (USN) for the official kernel update announcement. Until the patched kernel package is applied, a targeted compensating control is to disable AppArmor notifications if the feature is not operationally required: this removes the vulnerable code path without disabling AppArmor enforcement itself, though it will suppress notification events used by tools like aa-notify and any applications consuming AppArmor audit events. On systems where untrusted or multi-tenant local user access is not possible, the risk is minimal and patching can follow normal maintenance windows.

Share

CVE-2026-47335 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy