PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-47326 Canonical CVE debrief

A memory leak vulnerability exists in Ubuntu Linux kernel SAUCE patches affecting versions 6.8, 6.17, and 7.0. The flaw occurs in the handling of big responses to AppArmor notifications and can be triggered by an unprivileged local user, potentially leading to denial of service through memory exhaustion. The vulnerability is classified as CWE-401 (Missing Release of Memory after Effective Lifetime). The issue was disclosed on 2026-05-28 with a CVSS 3.1 score of 5.5 (MEDIUM severity): local attack vector, low attack complexity, low privileges required, and high availability impact. A patch commit addressing this issue is available.

Vendor: Canonical
Product: Ubuntu Linux
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-28
Original CVE updated: 2026-05-29
Advisory published: 2026-05-28
Advisory updated: 2026-05-29

Who should care

Organizations running Ubuntu with affected kernel versions, particularly cloud providers and hosting services offering shell access to untrusted users, should prioritize this patch. System administrators of shared/multi-user environments face elevated risk from this local denial-of-service vector.

Technical summary

The vulnerability resides in Ubuntu-specific SAUCE (Ubuntu Delta) patches applied to Linux kernel versions 6.8, 6.17, and 7.0. The memory leak occurs when processing large responses to AppArmor security module notifications. An unprivileged local attacker can trigger this condition repeatedly to exhaust system memory, resulting in denial of service. The flaw is in kernel-space memory management code and does not require special capabilities beyond local user access. The fix involves proper memory deallocation in the AppArmor notification response handling path.

Defensive priority

medium

Recommended defensive actions

  • Apply the kernel patch from the Ubuntu security repository when available
  • Monitor Ubuntu Security Notices for updated kernel packages
  • Consider restricting unprivileged user access to AppArmor notification interfaces where feasible
  • Review systems for signs of memory exhaustion that could indicate exploitation attempts
  • Prioritize patching on multi-tenant systems where unprivileged local access is common
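
One way to carry out the memory-exhaustion review above, as an added example (not code from PatchSiren, Canonical or the kernel patch): it flags hosts whose `uname -r` falls in the affected series and checks successive `/proc/meminfo` snapshots for kernel-held memory that only ever grows. The function names, the growth threshold, the choice of `SUnreclaim` plus `VmallocUsed` as the signal, and the sample data are assumptions made for illustration.

```python
import re

# Kernel series the page lists as affected. A match means "compare the package
# version against the Ubuntu Security Notice", not "this host is unpatched".
AFFECTED_SERIES = ("6.8", "6.17", "7.0")

def in_affected_series(release: str) -> bool:
    """release is `uname -r` output, e.g. the constructed '6.8.0-45-generic'."""
    m = re.match(r"(\d+\.\d+)\.", release)
    return bool(m) and m.group(1) in AFFECTED_SERIES

def parse_meminfo(text: str) -> dict:
    """Parse /proc/meminfo text into {field: value in kB}."""
    out = {}
    for line in text.splitlines():
        m = re.match(r"(\w+(?:\(\w+\))?):\s+(\d+)", line)
        if m:
            out[m.group(1)] = int(m.group(2))
    return out

def kernel_unreclaimable_kb(info: dict) -> int:
    # Assumption: the page does not say which allocator backs the leaked
    # buffer, so count both unreclaimable slab and vmalloc usage.
    return info.get("SUnreclaim", 0) + info.get("VmallocUsed", 0)

def leak_suspected(samples, min_growth_kb=262144) -> bool:
    """True when kernel-held memory never shrinks across the samples and
    grows by at least min_growth_kb (constructed threshold, tune per host)."""
    series = [kernel_unreclaimable_kb(parse_meminfo(s)) for s in samples]
    if len(series) < 3:
        return False
    monotonic = all(b >= a for a, b in zip(series, series[1:]))
    return monotonic and series[-1] - series[0] >= min_growth_kb

# Constructed snapshots (not captured from a real host), taken minutes apart.
def _sample(sunreclaim: int, vmalloc: int) -> str:
    return (f"MemTotal:       16303428 kB\n"
            f"Slab:           {sunreclaim + 90000} kB\n"
            f"SReclaimable:   90000 kB\n"
            f"SUnreclaim:     {sunreclaim} kB\n"
            f"VmallocUsed:    {vmalloc} kB\n")

GROWING = [_sample(120000, 40000), _sample(310000, 40100), _sample(560000, 40100)]
STEADY = [_sample(120000, 40000), _sample(118500, 40050), _sample(121000, 40000)]

if __name__ == "__main__":
    print(in_affected_series("6.8.0-45-generic"),
          leak_suspected(GROWING), leak_suspected(STEADY))
```

A positive result is only a prompt to investigate: steady growth in unreclaimable kernel memory has many causes, so correlate it with the kernel package version and with which local users were active.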

Evidence notes

Vulnerability confirmed through official CVE record and NVD entry. Patch commit identified in Ubuntu kernel Git repository on Launchpad. CVSS vector confirms local attack vector with availability impact. No evidence of known exploitation or ransomware campaign use.
