PatchSiren


CVE-2026-47334 Canonical CVE debrief

A vulnerability in Ubuntu Linux kernel AppArmor SAUCE patches allows unprivileged local users to trigger kernel panic or deadlock through incorrect spinlock handling in notification code. The flaw affects Ubuntu kernels 6.8, 6.17, and 7.0, where the notification handling code sleeps while holding a spinlock—a violation of kernel locking semantics that can cause system instability. This is classified as a medium-severity local denial-of-service vulnerability with CVSS 5.5.

  • Vendor: Canonical
  • Product: Ubuntu Linux
  • CVSS: MEDIUM 5.5
  • CISA KEV: Not listed in stored evidence
  • Original CVE published: 2026-05-28
  • Original CVE updated: 2026-05-29
  • Advisory published: 2026-05-28
  • Advisory updated: 2026-05-29

Who should care

System administrators running Ubuntu with kernels 6.8, 6.17, or 7.0; security teams managing Linux endpoint security; DevOps engineers maintaining Ubuntu-based container hosts; compliance officers tracking kernel-level vulnerability exposure.

Technical summary

The vulnerability exists in Ubuntu's SAUCE patches (Ubuntu-specific kernel patches) for the AppArmor security module. The notification handling code incorrectly invokes sleeping functions while holding a spinlock, violating the fundamental Linux kernel rule that spinlock critical sections must not sleep. This can be triggered by an unprivileged local user through AppArmor notification interfaces, resulting in either an immediate kernel panic or a deadlock that renders the system unresponsive. The affected code paths are specific to Ubuntu's kernel packaging and do not affect upstream Linux kernels directly.

Defensive priority

medium

Recommended defensive actions

  • Review Ubuntu security notices for kernel updates addressing CVE-2026-47334
  • Prioritize patching systems running Ubuntu kernels 6.8, 6.17, or 7.0
  • Monitor for kernel panic or deadlock indicators in AppArmor-enabled systems
  • Apply principle of least privilege to limit unprivileged local access
  • Validate kernel patch levels through canonical Ubuntu update channels
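
For the monitoring action above, an added example (not part of the original debrief and not Canonical's code) that scans kernel log lines for sleep-in-atomic, lockup and panic messages and reports whether AppArmor symbols appear in the call trace that follows. It assumes AppArmor frames can be recognised by the `aa_` / `apparmor_` symbol prefixes; the sample log and the symbol names in it are constructed.

```python
import re

# Kernel messages that accompany sleeping in atomic context, lockups and panics.
# "sleeping function called..." is only emitted with CONFIG_DEBUG_ATOMIC_SLEEP.
SIGNATURES = {
    "sleep_in_atomic": re.compile(r"BUG: sleeping function called from invalid context"),
    "sched_while_atomic": re.compile(r"BUG: scheduling while atomic"),
    "soft_lockup": re.compile(r"BUG: soft lockup"),
    "panic": re.compile(r"Kernel panic - not syncing"),
}
# Assumption: AppArmor stack frames carry the aa_ or apparmor_ symbol prefix.
APPARMOR_FRAME = re.compile(r"\b(?:aa_|apparmor_)\w+")
TRACE_WINDOW = 30  # lines after a hit that are treated as its call trace

def scan(lines):
    """Return [(line_no, kind, apparmor_in_trace)] for every signature hit."""
    hits = [(i, kind) for i, line in enumerate(lines)
            for kind, pat in SIGNATURES.items() if pat.search(line)]
    findings = []
    for n, (i, kind) in enumerate(hits):
        # A trace ends at the next signature, so one event's frames are
        # never attributed to the event before it.
        nxt = hits[n + 1][0] if n + 1 < len(hits) else len(lines)
        end = min(i + 1 + TRACE_WINDOW, nxt)
        in_trace = any(APPARMOR_FRAME.search(l) for l in lines[i + 1:end])
        findings.append((i + 1, kind, in_trace))
    return findings

# Constructed sample log; symbol names are hypothetical placeholders.
SAMPLE = """\
[  101.000001] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:283
[  101.000002] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 4242, name: demo
[  101.000003] Call Trace:
[  101.000004]  __might_resched+0x10/0x20
[  101.000005]  aa_example_notify+0x44/0x90
[  202.000001] watchdog: BUG: soft lockup - CPU#1 stuck for 26s! [kworker/1:0:77]
[  202.000002] Call Trace:
[  202.000003]  ext4_example_fn+0x12/0x40
[  303.000001] audit: type=1400 apparmor="DENIED" operation="open"
""".splitlines()

if __name__ == "__main__":
    for line_no, kind, in_trace in scan(SAMPLE):
        tag = "AppArmor frames in trace" if in_trace else "no AppArmor frames"
        print(f"line {line_no}: {kind} ({tag})")
```

On a live host the same function can be fed the lines of `journalctl -k` output; ordinary AppArmor audit denials, like the last sample line, are not flagged.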

Evidence notes

The NVD entry cites Ubuntu kernel commit f0e73aec23d13a9877fba096b1c2fd19f66e5313, which addresses the spinlock sleep bug in the AppArmor SAUCE patches. CWE-833 (Deadlock) is identified as the relevant weakness. The CVSS vector confirms a local attack vector with low attack complexity and high availability impact.

Official resources

Disclosed 2026-05-28 via NVD with reference to Ubuntu kernel commit fixing the spinlock sleep issue in AppArmor notification handling.