PatchSiren cyber security CVE debrief
CVE-2026-47328 Canonical CVE debrief
A memory management vulnerability exists in Ubuntu Linux kernel versions 6.8, 6.17, and 7.0 due to defective AppArmor SAUCE patches. The flaw involves an incorrect attempt to free a pointer that was not allocated via kmalloc(), coupled with a memory leak. An unprivileged local attacker can trigger this bug, leading to slab metadata corruption and potential resource exhaustion. The vulnerability is classified as MEDIUM severity with a CVSS 3.1 score of 6.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H). The weakness is categorized as CWE-590: Free of Memory not on the Heap. The vulnerability was published on May 28, 2026. No known exploitation in the wild or ransomware campaign use has been documented.
- Vendor: Canonical
- Product: Ubuntu Linux
- CVSS: MEDIUM 6.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-28
- Original CVE updated: 2026-05-29
- Advisory published: 2026-05-28
- Advisory updated: 2026-05-29
Who should care
System administrators managing Ubuntu Linux deployments, security teams responsible for kernel security posture, and organizations running multi-user Ubuntu systems where unprivileged local access is possible.
Technical summary
The vulnerability stems from incorrect memory handling in Ubuntu-specific AppArmor SAUCE (Ubuntu Delta) patches. The affected code path calls kfree() on a pointer that was not obtained from kmalloc(), which is undefined behaviour and corrupts slab allocator metadata; at the same time, the memory that was legitimately allocated is never freed and leaks. Exploitation requires local access with low privileges and no user interaction. The resulting impact is high on availability through resource exhaustion, low on integrity, and none on confidentiality.
Defensive priority
medium
Recommended defensive actions
- Apply kernel updates from Ubuntu security repositories when available
- Monitor Ubuntu Security Notices for patch availability
- Review systems running affected kernel versions (6.8, 6.17, 7.0)
- Restrict local user access where possible as interim mitigation
- Audit for signs of system instability or memory exhaustion that could indicate exploitation attempts
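As an added fleet-triage helper (not part of the advisory), the script below classifies a kernel release string against the series this advisory lists (6.8, 6.17, 7.0) and the Ubuntu flavour suffixes that mark an Ubuntu-built kernel; the suffix list and the behaviour that a match means "check the Ubuntu Security Notice" rather than "vulnerable" are my assumptions, since the advisory does not name the fixed package versions.

```shell
#!/bin/sh
# Triage helper for CVE-2026-47328 (added example, not from the advisory).
# A series match only means the host needs review against the USN; the
# advisory does not list fixed versions, so this cannot prove a host is fixed.

AFFECTED_SERIES="6.8 6.17 7.0"   # major.minor series named in the advisory

# kernel_series "6.8.0-45-generic" -> "6.8"
kernel_series() {
    printf '%s\n' "$1" | sed -E 's/^([0-9]+)\.([0-9]+).*/\1.\2/'
}

# Returns 0 when the release string carries an Ubuntu flavour suffix
# (assumed list). SAUCE patches only exist in Ubuntu-built kernels.
is_ubuntu_kernel() {
    case "$1" in
        *-generic|*-lowlatency|*-aws|*-azure|*-gcp|*-oracle|*-kvm) return 0 ;;
        *) return 1 ;;
    esac
}

# Returns 0 when the major.minor series is one the advisory lists.
in_affected_series() {
    series=$(kernel_series "$1")
    for s in $AFFECTED_SERIES; do
        [ "$series" = "$s" ] && return 0
    done
    return 1
}

# triage "<uname -r output>": prints a verdict and returns
# 0 = review against USN, 1 = series not listed, 2 = not an Ubuntu kernel.
triage() {
    rel="$1"
    if ! is_ubuntu_kernel "$rel"; then
        echo "$rel: not an Ubuntu kernel build, SAUCE patches not present"
        return 2
    fi
    if in_affected_series "$rel"; then
        echo "$rel: series $(kernel_series "$rel") listed for CVE-2026-47328, check USN"
        return 0
    fi
    echo "$rel: series $(kernel_series "$rel") not listed"
    return 1
}

# Run against the live host with:  sh triage.sh --host
if [ "${1:-}" = "--host" ]; then
    triage "$(uname -r)"
fi
```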
Evidence notes
Vulnerability description and CVSS vector sourced from NVD record. Technical details regarding the AppArmor SAUCE patch defect and kmalloc/free mismatch derived from official CVE description. Commit reference indicates the fix location in Ubuntu kernel source repository.
Official resources
- CVE-2026-47328 CVE record (CVE.org)
- CVE-2026-47328 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: public