CVE-2026-47331
Received
Received - Intake
AppArmor Race Condition in Ubuntu Linux 6.8 Leads to Use-After-Free
Publication date: 2026-05-28
Last updated on: 2026-05-28
Assigner: Canonical Ltd.
Description
Description
Ubuntu Linux 6.8 contains AppArmor SAUCE patches which fail to acquire a lock when modifying a linked list. An unprivileged local user could trigger the race condition that can lead to a use-after-free (UAF) and, theoretically, arbitrary code execution.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ubuntu | linux | 6.8 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-416 | The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Ubuntu Linux 6.8 where the AppArmor SAUCE patches fail to properly acquire a lock when modifying a linked list. This flaw allows an unprivileged local user to trigger a race condition that can lead to a use-after-free (UAF) situation.
The use-after-free condition can potentially be exploited to execute arbitrary code on the affected system.
How can this vulnerability impact me? :
An unprivileged local user could exploit this vulnerability to execute arbitrary code on the system.
- This could lead to full compromise of the affected system.
- Confidentiality, integrity, and availability of the system could be severely impacted.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70