CVE-2026-47333
Severity CVSS v4.0:
Pending analysis
Type:
CWE-125
Out-of-bounds Read
Publication date:
28/05/2026
Last modified:
09/06/2026
Description
Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which can potentially incorrectly compute the size of an internal buffer, leading to a heap memory out-of-bounds read in notification handling code. The bug can be triggered by an unprivileged local user and can result in invalid data being processed by the AppArmor DFA policy engine.
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:canonical:ubuntu_linux:24.04:*:*:*:*:*:*:* | ||
| cpe:2.3:o:canonical:ubuntu_linux:25.10:*:*:*:*:*:*:* | ||
| cpe:2.3:o:canonical:ubuntu_linux:26.04:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page



