Skip to main content

Ubuntu Linux CVE-2026-47337

| EUVDEUVD-2026-32992 LOW
NULL Pointer Dereference (CWE-476)
2026-05-28 canonical GHSA-92c3-4wxg-8jwx
3.3
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
3.3 LOW
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

1
Analysis Generated
May 28, 2026 - 19:21 vuln.today

DescriptionCVE.org

Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AF_INET/AF_INET6 socket mediation. The bug can be triggered by an unprivileged local user. This can lead to a kernel oops.

AnalysisAI

NULL pointer dereference in Ubuntu Linux kernel SAUCE patches (versions 6.8, 6.17, and 7.0) allows an unprivileged local user to trigger a kernel oops, resulting in a denial of service. The flaw resides specifically in Ubuntu's out-of-tree SAUCE patches for AF_INET/AF_INET6 socket mediation - mainline Linux kernel builds are unaffected. No active exploitation is confirmed (not in CISA KEV), no public exploit has been identified at time of analysis, and the CVSS score of 3.3 (Low) accurately reflects the constrained impact: local access only, no confidentiality or integrity loss, and limited availability degradation.

Technical ContextAI

Ubuntu kernels ship with 'SAUCE' (Sauce Applied Ubuntu Canonical Engineering) patches - Canonical-maintained modifications layered on top of the upstream Linux kernel that are not merged into mainline. The affected code path involves socket mediation for AF_INET (IPv4) and AF_INET6 (IPv6) socket families, which are the standard kernel interfaces for TCP/UDP network communication. Socket mediation in this context refers to security-layer interception of socket operations, likely tied to Ubuntu's AppArmor LSM (Linux Security Module) integration within the SAUCE layer. CWE-476 (NULL Pointer Dereference) identifies the root cause: a code path dereferences a pointer without first validating it for NULL, causing a kernel oops - an unrecoverable kernel exception that terminates or destabilizes the running kernel. The CPE string cpe:2.3:a:canonical:ubuntu_linux:*:*:*:*:*:*:*:* confirms the affected product as Canonical's Ubuntu Linux distribution specifically, not upstream Linux.

RemediationAI

Apply the upstream fix committed to the Ubuntu kernel noble branch, available at https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/noble/commit/?id=9f03f0012a2367efae1edb4798f1c5103aeb6cbc - note this is an upstream fix available (commit); a released patched package version is not independently confirmed from available data, so monitor Ubuntu Security Notices (USN) at ubuntu.com/security/notices for official kernel package updates and apply them when published. As a compensating control prior to patch availability, restrict local shell access on affected Ubuntu systems running kernel 6.8, 6.17, or 7.0 - particularly on multi-tenant hosts - to reduce the set of users who can reach the vulnerable socket mediation code path; this has the trade-off of limiting legitimate user access. Disabling AF_INET or AF_INET6 socket families is not a viable workaround as it breaks standard IPv4/IPv6 networking. No network-layer mitigations apply given the local-only attack vector.

Share

CVE-2026-47337 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy