CVE-2026-47328
6.1 MEDIUMUbuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly attempt to free a pointer which was not previously kmallo...
Published: 2026-05-28 · Last updated: 2026-06-09
Severity and scoring
- CVSS
- 6.1 MEDIUM
- Vector
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
- CWE
- CWE-590
Affected products
| Vendor | Product |
|---|---|
| canonical | ubuntu_linux |
Description
Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly attempt to free a pointer which was not previously kmalloc()d, while at the same time leaking allocated memory. The bug can be triggered by an unprivileged local user and can result in the corruption of slab metadata and could lead to resource exhaustion.
Source: NVD
References
Related CVEs
Same vendor
- CVE-2026-47337 — Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AF_INET/AF_INET6 socket ... (3.3 LOW)
- CVE-2026-47336 — Ubuntu Linux 6.8 contains SAUCE patches with a possible use of an uninitialized variable in AppArmor AF_INET/AF_INET6 socket mediation code (3.3 LOW)
- CVE-2026-47335 — Ubuntu Linux 6.8 contains SAUCE patches with a possible NULL pointer dereference in the handling of AppArmor notifications (5.5 MEDIUM)
- CVE-2026-47334 — Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly sleep while holding a spinlock in notification handling code (5.5 MEDIUM)
- CVE-2026-47333 — Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which can potentially incorrectly compute the size of an internal buffer, l... (7.8 HIGH)
Same CWE
- CVE-2025-7006 — Use of stack memory after free vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Denial-of-Service of ... (5.5 MEDIUM)