CVE-2026-47329 | THREATINT

Description

Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches which fail to validate invalid sizes of the name field in AppAmor notification responses. The bug can be triggered by an unprivileged local user and could result in handling of crafted responses.

PUBLISHED Reserved 2026-05-19 | Published 2026-05-28 | Updated 2026-05-28 | Assigner canonical

LOW: 3.3CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Problem types

CWE-1284 Improper validation of specified quantity in input

Product status

Default status

unaffected

6.8.0 (dpkg) before 6.8.0-124.124

affected

6.17.0 (dpkg) before 6.17.0-35.35

affected

7.0.0 (dpkg) before 7.0.0-22.22

affected

Credits

Tristan Madani (@TristanInSec), Talence Security finder

References

git.launchpad.net/...ea8b64b3ad27d0501cf711efa98077998a33b14 patch

cve.org (CVE-2026-47329)

nvd.nist.gov (CVE-2026-47329)

Download JSON