CVE-2026-47337
NULL Pointer Dereference in Ubuntu Linux Kernel
Publication date: 2026-05-28
Last updated on: 2026-05-28
Assigner: Canonical Ltd.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ubuntu | linux | From 6.8 (inc) |
| ubuntu | linux | From 6.17 (inc) |
| ubuntu | linux | From 7.0 (inc) |
| ubuntu | linux | to 6.8 (inc) |
| ubuntu | linux | to 6.17 (inc) |
| ubuntu | linux | to 7.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Ubuntu Linux versions 6.8, 6.17, and 7.0 where SAUCE patches have a possible NULL pointer dereference issue in the handling of AF_INET and AF_INET6 socket mediation.
An unprivileged local user can trigger this bug, which can cause a kernel oops, a type of kernel error that may lead to system instability or crashes.
How can this vulnerability impact me? :
The impact of this vulnerability is limited to causing a kernel oops, which can result in system instability or crashes.
Since the vulnerability requires local unprivileged user access and does not affect confidentiality or integrity, the main risk is availability disruption.