CVE-2026-47333 PUBLISHED

Out-of-bounds read in Ubuntu Linux AppArmor notification handling

Assigner: canonical
Reserved: 19.05.2026 Published: 28.05.2026 Updated: 29.05.2026

Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which can potentially incorrectly compute the size of an internal buffer, leading to a heap memory out-of-bounds read in notification handling code. The bug can be triggered by an unprivileged local user and can result in invalid data being processed by the AppArmor DFA policy engine.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 7.8

Attack Vector	Local	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	Low	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	Canonical
Product	Ubuntu Linux
Versions	Default: unaffected affected from 6.8.0 to 6.8.0-124.124 (excl.) affected from 6.17.0 to 6.17.0-35.35 (excl.) affected from 7.0.0 to 7.0.0-22.22 (excl.)

Credits

Tristan Madani (@TristanInSec), Talence Security finder

References

https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/noble/commit/?id=635fa30ed9e944bdb7e811fb8a8906286b4b4f06

Problem Types

CWE-125 Out-of-bounds read CWE