CVE-2026-47328

Summary

Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly attempt to free a pointer which was not previously kmalloc()d, while at the same time leaking allocated memory. The bug can be triggered by an unprivileged local user and can result in the corruption of slab metadata and could lead to resource exhaustion.

Affected Software

VendorProductVersion RangeStatus
CanonicalUbuntu Linux6.8.0 < 6.8.0-124.124affected
CanonicalUbuntu Linux6.17.0 < 6.17.0-35.35affected
CanonicalUbuntu Linux7.0.0 < 7.0.0-22.22affected

Weaknesses

  • CWE-590: CWE-590 Free of memory not on the heap

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References