CVE-2026-47331 HIGH

CVE-2026-47331: Use-after-free in Ubuntu Linux AppArmor notification handling

Vendor Canonical
Product Ubuntu Linux
Weakness CWE-416
Published May 28, 2026
Last update May 29, 2026

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Ubuntu Linux 6.8 contains AppArmor SAUCE patches which fail to acquire a lock when modifying a linked list. An unprivileged local user could trigger the race condition that can lead to a use-after-free (UAF) and, theoretically, arbitrary code execution.

Key dates

02Disclosure timeline

May 28, 2026 CVE published
May 29, 2026 Record updated