{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-47329", "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "state": "PUBLISHED", "assignerShortName": "canonical", "dateReserved": "2026-05-19T10:37:36.433Z", "datePublished": "2026-05-28T18:27:44.945Z", "dateUpdated": "2026-05-28T19:24:59.869Z"}, "containers": {"cna": {"title": "Incorrect validation of field size in Ubuntu Linux AppArmor notification responses", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-1284", "description": "CWE-1284 Improper validation of specified quantity in input", "type": "CWE"}]}], "affected": [{"vendor": "Canonical", "product": "Ubuntu Linux", "collectionURL": "https://launchpad.net/ubuntu/+source/", "packageName": "linux", "repo": "https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/", "modules": ["AppArmor"], "versions": [{"status": "affected", "version": "6.8.0", "lessThan": "6.8.0-124.124", "versionType": "dpkg"}, {"status": "affected", "version": "6.17.0", "lessThan": "6.17.0-35.35", "versionType": "dpkg"}, {"status": "affected", "version": "7.0.0", "lessThan": "7.0.0-22.22", "versionType": "dpkg"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches which fail to validate invalid sizes of the name field in AppAmor notification responses. The bug can be triggered by an unprivileged local user and could result in handling of crafted responses."}], "references": [{"url": "https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/noble/commit/?id=9ea8b64b3ad27d0501cf711efa98077998a33b14", "tags": ["patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "LOW", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}], "credits": [{"lang": "en", "value": "Tristan Madani (@TristanInSec), Talence Security", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2026-05-28T18:27:44.945Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-28T19:19:57.301800Z", "id": "CVE-2026-47329", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-28T19:24:59.869Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-47329", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-05-28T19:19:57.301800Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-28T19:24:54.886Z"}}], "cna": {"title": "Incorrect validation of field size in Ubuntu Linux AppArmor notification responses", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Tristan Madani (@TristanInSec), Talence Security"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/", "vendor": "Canonical", "modules": ["AppArmor"], "product": "Ubuntu Linux", "versions": [{"status": "affected", "version": "6.8.0", "lessThan": "6.8.0-124.124", "versionType": "dpkg"}, {"status": "affected", "version": "6.17.0", "lessThan": "6.17.0-35.35", "versionType": "dpkg"}, {"status": "affected", "version": "7.0.0", "lessThan": "7.0.0-22.22", "versionType": "dpkg"}], "packageName": "linux", "collectionURL": "https://launchpad.net/ubuntu/+source/", "defaultStatus": "unaffected"}], "references": [{"url": "https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/noble/commit/?id=9ea8b64b3ad27d0501cf711efa98077998a33b14", "tags": ["patch"]}], "descriptions": [{"lang": "en", "value": "Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches which fail to validate invalid sizes of the name field in AppAmor notification responses. The bug can be triggered by an unprivileged local user and could result in handling of crafted responses."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1284", "description": "CWE-1284 Improper validation of specified quantity in input"}]}], "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2026-05-28T18:27:44.945Z"}}}, "cveMetadata": {"cveId": "CVE-2026-47329", "state": "PUBLISHED", "dateUpdated": "2026-05-28T19:24:59.869Z", "dateReserved": "2026-05-19T10:37:36.433Z", "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "datePublished": "2026-05-28T18:27:44.945Z", "assignerShortName": "canonical"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches which fail to validate invalid sizes of the name field in AppAmor notification responses. The bug can be triggered by an unprivileged local user and could result in handling of crafted responses."}], "id": "CVE-2026-47329", "lastModified": "2026-05-28T19:16:41.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "security@ubuntu.com", "type": "Secondary"}]}, "published": "2026-05-28T19:16:41.020", "references": [{"source": "security@ubuntu.com", "url": "https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/noble/commit/?id=9ea8b64b3ad27d0501cf711efa98077998a33b14"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1284"}], "source": "security@ubuntu.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[6.8.0,6.8.0-124.124)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[6.17.0,6.17.0-35.35)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[7.0.0,7.0.0-22.22)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Ubuntu Linux", "source": "cna", "vendor": "Canonical"}, "product": "ubuntu_linux", "vendor": "canonical"}], "created": "2026-05-28T20:30:25.666065+00:00", "updated": "2026-05-28T20:30:25.666102+00:00", "vendors": ["canonical", "canonical$PRODUCT$ubuntu_linux"]}