PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-47333 Canonical CVE debrief

CVE-2026-47333 is a heap memory out-of-bounds read vulnerability in Ubuntu Linux kernel AppArmor SAUCE patches affecting versions 6.8, 6.17, and 7.0. The flaw stems from incorrect buffer size computation in notification handling code, which can be triggered by an unprivileged local user and may cause invalid data processing by the AppArmor DFA policy engine. The vulnerability was published on 2026-05-28 with a CVSS 3.1 score of 7.8 (HIGH). The weakness is classified as CWE-125 (Out-of-bounds Read). Affected systems should prioritize kernel updates once patches become available from Ubuntu.

Vendor: Canonical
Product: Ubuntu Linux
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-28
Original CVE updated: 2026-05-29
Advisory published: 2026-05-28
Advisory updated: 2026-05-29

Who should care

  • System administrators running Ubuntu Linux with kernel versions 6.8, 6.17, or 7.0
  • Security teams managing AppArmor-protected workloads
  • Organizations relying on Ubuntu LTS releases with mandatory access control policies

Technical summary

The vulnerability exists in Ubuntu-specific SAUCE (Ubuntu Delta) patches for the Linux kernel's AppArmor security module. An incorrect buffer size calculation in notification handling code leads to a heap-based out-of-bounds read. The AppArmor DFA (Deterministic Finite Automaton) policy engine may process invalid data as a result. The attack vector is local, requiring low privileges and no user interaction, with high impact to confidentiality, integrity, and availability per CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
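To make the bug class concrete, the following is an added C example, not AppArmor's code and not the page's own: a constructed notification record whose payload length comes from an untrusted length field, parsed once with the size computed only from that field (the CWE-125 pattern) and once with every read bounded by the number of bytes actually received. The record layout, function names and sample bytes are assumptions for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Constructed record layout (NOT the AppArmor notification format): a
 * 2-byte header declaring the payload length, followed by the payload. */
struct notif_hdr { uint16_t payload_len; };

/* Unsafe pattern: the copy size is derived from the length field inside the
 * record while the number of bytes actually received is ignored, so a record
 * that declares more than it carries reads past the end of the heap buffer. */
size_t parse_notif_unchecked(const uint8_t *buf, size_t buf_len,
                             uint8_t *out, size_t out_cap) {
    struct notif_hdr h;
    (void)buf_len;                       /* received size never consulted: the bug */
    memcpy(&h, buf, sizeof h);
    size_t n = h.payload_len > out_cap ? out_cap : h.payload_len;
    memcpy(out, buf + sizeof h, n);      /* may read beyond buf + buf_len */
    return n;
}

/* Hardened form: reject a buffer too short for the header, bound the payload
 * by the received length instead of the declared one, and fail closed on a
 * declared length larger than what remains. Returns -1 on a malformed record. */
long parse_notif_checked(const uint8_t *buf, size_t buf_len,
                         uint8_t *out, size_t out_cap) {
    struct notif_hdr h;
    if (buf == NULL || buf_len < sizeof h) return -1;
    memcpy(&h, buf, sizeof h);
    if (h.payload_len > buf_len - sizeof h) return -1;   /* declared > received */
    if (h.payload_len > out_cap) return -1;
    memcpy(out, buf + sizeof h, h.payload_len);
    return (long)h.payload_len;
}

/* Builds a record with an arbitrary declared length; returns bytes written. */
size_t build_record(uint16_t declared, const uint8_t *payload, size_t n, uint8_t *rec) {
    struct notif_hdr h = { declared };
    memcpy(rec, &h, sizeof h);
    memcpy(rec + sizeof h, payload, n);
    return sizeof h + n;
}

/* Runs the hardened parser over constructed records: one well-formed, one whose
 * header claims 100 bytes when only 4 follow, and one truncated to a single byte.
 * Returns 1 when the first is accepted and the other two are rejected. */
int self_check(void) {
    uint8_t rec[64], out[16];
    size_t len = build_record(4, (const uint8_t *)"abcd", 4, rec);
    if (parse_notif_checked(rec, len, out, sizeof out) != 4) return 0;
    if (memcmp(out, "abcd", 4) != 0) return 0;
    len = build_record(100, (const uint8_t *)"abcd", 4, rec);
    if (parse_notif_checked(rec, len, out, sizeof out) != -1) return 0;
    if (parse_notif_checked(rec, 1, out, sizeof out) != -1) return 0;
    return 1;
}
```

The unchecked parser is kept only for side-by-side reading; it is deliberately not run on the oversized record, since that read is undefined behaviour.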

Defensive priority

HIGH

Recommended defensive actions

  • Monitor Ubuntu security notices for kernel updates addressing CVE-2026-47333
  • Apply kernel patches when available from Ubuntu security repositories
  • Review AppArmor policy configurations for systems running affected kernel versions
  • Consider restricting unprivileged user access to AppArmor notification interfaces as temporary mitigation
  • Audit systems for signs of AppArmor policy engine anomalies or unexpected behavior

Evidence notes

The vulnerability description and CVSS vector are taken from the official NVD record. Affected kernel versions and technical details are derived from the CVE description. Vendor attribution to Ubuntu is based on a Launchpad reference domain and a commit URL pointing to the ubuntu-kernel repository.
