PatchSiren

CVE-2026-47335 Canonical CVE debrief

A NULL pointer dereference vulnerability exists in Ubuntu Linux 6.8 within SAUCE patches handling AppArmor notifications. An unprivileged local user can trigger this flaw to cause a kernel panic, resulting in denial of service. The vulnerability was disclosed on 2026-05-28 with a CVSS 3.1 score of 5.5 (MEDIUM severity). The issue is tracked as CWE-476 (NULL Pointer Dereference). The vulnerability affects the Ubuntu kernel's AppArmor notification subsystem, specifically within SAUCE (Ubuntu-specific) patches. No known exploitation in the wild or ransomware campaign use has been reported. The fix is available via a kernel commit in the Ubuntu noble repository.

Vendor: Canonical
Product: Ubuntu Linux
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-28
Original CVE updated: 2026-05-29
Advisory published: 2026-05-28
Advisory updated: 2026-05-29

Who should care

System administrators running Ubuntu Linux 6.8 kernels with AppArmor enabled; security teams managing Ubuntu server and workstation fleets; kernel maintainers tracking security issues in Ubuntu-specific SAUCE patches.

Technical summary

The vulnerability resides in SAUCE patches for AppArmor notifications in Ubuntu Linux 6.8. A missing NULL check allows an unprivileged local attacker to dereference a NULL pointer, triggering a kernel panic. The attack requires local access but no user interaction. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) reflects high availability impact with no confidentiality or integrity impact. The fix involves proper NULL pointer validation in the AppArmor notification handling code path.

Defensive priority

medium

Recommended defensive actions

  • Apply the kernel patch from the Ubuntu noble repository commit referenced in the security advisory
  • Update to a fixed Ubuntu kernel version once released through standard distribution channels
  • Monitor Ubuntu Security Notices (USN) for official security update availability
  • Review systems running Ubuntu 6.8 kernel with AppArmor enabled for unexpected stability issues
  • Consider restricting unprivileged user access to AppArmor notification interfaces as a temporary mitigation where feasible

Evidence notes

Vulnerability description sourced from official CVE record and NVD entry. CVSS vector confirms local attack vector with low attack complexity. Weakness classification (CWE-476) provided by [email protected]. Vendor attribution to Ubuntu derived from Launchpad git repository reference and kernel source path.

Official resources

2026-05-28