6.1
CVE-2026-47328
- EPSS 0.09%
- Veröffentlicht 28.05.2026 18:27:33
- Zuletzt bearbeitet 09.06.2026 16:33:18
- Quelle security@ubuntu.com
- CVE-Watchlists
- Unerledigt
Invalid pointer deallocation in Ubuntu Linux AppArmor notification handling
Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly attempt to free a pointer which was not previously kmalloc()d, while at the same time leaking allocated memory. The bug can be triggered by an unprivileged local user and can result in the corruption of slab metadata and could lead to resource exhaustion.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Canonical ≫ Ubuntu Linux Version24.04
Canonical ≫ Ubuntu Linux Version25.10
Canonical ≫ Ubuntu Linux Version26.04
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.007 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@ubuntu.com | 6.1 | 1.8 | 4.2 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
|
CWE-590 Free of Memory not on the Heap
The product calls free() on a pointer to memory that was not allocated using associated heap allocation functions such as malloc(), calloc(), or realloc().
https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/noble/commit/?id=7f3c4902c39432ce7ea0d384cb70eba282247fac