Heap Memory Out-of-Bounds Read in Ubuntu Linux Products
CVE-2026-47333

7.8 HIGH

Key Information:

Vendor

Canonical

CVE Published:
28 May 2026

What is CVE-2026-47333?

Ubuntu Linux versions 6.8, 6.17, and 7.0 are affected by a vulnerability in the AppArmor notification handling code. The flaw is associated with the SAUCE patches, which may incorrectly compute the size of an internal buffer; an unprivileged local user can exploit this to trigger a heap memory out-of-bounds read. As a result, the AppArmor DFA policy engine may process invalid data, putting the system at risk.

Affected Version(s)

Ubuntu Linux 6.8.0 < 6.8.0-124.124

Ubuntu Linux 6.17.0 < 6.17.0-35.35

Ubuntu Linux 7.0.0 < 7.0.0-22.22
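
An added example (not part of the original advisory or of Canonical's tooling): a shell check that classifies a kernel's Ubuntu version signature against the fixed versions listed above. It assumes `/proc/version_signature` has the usual `Ubuntu <version>-<flavour> <upstream>` form and that the listed numbers apply to the kernel being checked; the function names are hypothetical and the sample signature in the comments is constructed.

```shell
#!/bin/sh
# Fixed versions copied from the "Affected Version(s)" list on this page.
FIXED_VERSIONS="6.8.0-124.124 6.17.0-35.35 7.0.0-22.22"

# version_lt A B: succeed when A sorts strictly before B (GNU sort -V).
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# kernel_version_from_signature "Ubuntu 6.8.0-100.100-generic 6.8.12"
# (constructed sample) prints "6.8.0-100.100".
# Assumption: the flavour suffix and any "~release" backport suffix can be
# dropped; kernels with their own upload numbering need their own fixed list.
kernel_version_from_signature() {
    printf '%s\n' "$1" | awk '{print $2}' |
        sed -E 's/^([0-9]+\.[0-9]+\.[0-9]+-[0-9]+\.[0-9]+).*/\1/'
}

# cve_status VERSION: prints vulnerable, fixed, or not-listed.
cve_status() {
    series=${1%%-*}                     # e.g. 6.8.0
    for fixed in $FIXED_VERSIONS; do
        if [ "${fixed%%-*}" = "$series" ]; then
            if version_lt "$1" "$fixed"; then echo vulnerable; else echo fixed; fi
            return 0
        fi
    done
    echo not-listed                     # series not covered by this page
}

# check_running_kernel: classify the kernel this host is running.
check_running_kernel() {
    [ -r /proc/version_signature ] || { echo "no /proc/version_signature"; return 2; }
    v=$(kernel_version_from_signature "$(cat /proc/version_signature)")
    echo "$v: $(cve_status "$v")"
}

# Run as: sh check.sh --check
if [ "${1:-}" = "--check" ]; then check_running_kernel; fi
```

The signature reflects the running kernel, so a host that has installed the fixed package but not rebooted still reports the old version.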

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Tristan Madani (@TristanInSec), Talence Security