{"api_version":"1","generated_at":"2026-05-29T19:13:26+00:00","cve":"CVE-2026-47329","urls":{"html":"https://cve.report/CVE-2026-47329","api":"https://cve.report/api/cve/CVE-2026-47329.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-47329","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-47329"},"summary":{"title":"Incorrect validation of field size in Ubuntu Linux AppArmor notification responses","description":"Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches which fail to validate invalid sizes of the name field in AppAmor notification responses. The bug can be triggered by an unprivileged local user and could result in handling of crafted responses.","state":"PUBLISHED","assigner":"canonical","published_at":"2026-05-28 19:16:41","updated_at":"2026-05-29 02:45:36"},"problem_types":["CWE-1284","CWE-1284 CWE-1284 Improper validation of specified quantity in input"],"metrics":[{"version":"3.1","source":"security@ubuntu.com","type":"Secondary","score":"3.3","severity":"LOW","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"3.3","severity":"LOW","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","data":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":3.3,"baseSeverity":"LOW","confidentialityImpact":"NONE","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","version":"3.1"}}],"references":[{"url":"https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/noble/commit/?id=9ea8b64b3ad27d0501cf711efa98077998a33b14","name":"https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/noble/commit/?id=9ea8b64b3ad27d0501cf711efa98077998a33b14","refsource":"security@ubuntu.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-47329","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-47329","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Canonical","product":"Ubuntu Linux","version":"affected 6.8.0 6.8.0-124.124 dpkg","platforms":[]},{"source":"CNA","vendor":"Canonical","product":"Ubuntu Linux","version":"affected 6.17.0 6.17.0-35.35 dpkg","platforms":[]},{"source":"CNA","vendor":"Canonical","product":"Ubuntu Linux","version":"affected 7.0.0 7.0.0-22.22 dpkg","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Tristan Madani (@TristanInSec), Talence Security","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-47329","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-05-28T19:19:57.301800Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-05-28T19:24:59.869Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"collectionURL":"https://launchpad.net/ubuntu/+source/","defaultStatus":"unaffected","modules":["AppArmor"],"packageName":"linux","product":"Ubuntu Linux","repo":"https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/","vendor":"Canonical","versions":[{"lessThan":"6.8.0-124.124","status":"affected","version":"6.8.0","versionType":"dpkg"},{"lessThan":"6.17.0-35.35","status":"affected","version":"6.17.0","versionType":"dpkg"},{"lessThan":"7.0.0-22.22","status":"affected","version":"7.0.0","versionType":"dpkg"}]}],"credits":[{"lang":"en","type":"finder","value":"Tristan Madani (@TristanInSec), Talence Security"}],"descriptions":[{"lang":"en","value":"Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches which fail to validate invalid sizes of the name field in AppAmor notification responses. The bug can be triggered by an unprivileged local user and could result in handling of crafted responses."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":3.3,"baseSeverity":"LOW","confidentialityImpact":"NONE","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-1284","description":"CWE-1284 Improper validation of specified quantity in input","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-05-28T18:27:44.945Z","orgId":"cc1ad9ee-3454-478d-9317-d3e869d708bc","shortName":"canonical"},"references":[{"tags":["patch"],"url":"https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/noble/commit/?id=9ea8b64b3ad27d0501cf711efa98077998a33b14"}],"source":{"discovery":"EXTERNAL"},"title":"Incorrect validation of field size in Ubuntu Linux AppArmor notification responses"}},"cveMetadata":{"assignerOrgId":"cc1ad9ee-3454-478d-9317-d3e869d708bc","assignerShortName":"canonical","cveId":"CVE-2026-47329","datePublished":"2026-05-28T18:27:44.945Z","dateReserved":"2026-05-19T10:37:36.433Z","dateUpdated":"2026-05-28T19:24:59.869Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-05-28 19:16:41","lastModifiedDate":"2026-05-29 02:45:36","problem_types":["CWE-1284","CWE-1284 CWE-1284 Improper validation of specified quantity in input"],"metrics":{"cvssMetricV31":[{"source":"security@ubuntu.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"47329","Ordinal":"1","Title":"Incorrect validation of field size in Ubuntu Linux AppArmor noti","CVE":"CVE-2026-47329","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"47329","Ordinal":"1","NoteData":"Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches which fail to validate invalid sizes of the name field in AppAmor notification responses. The bug can be triggered by an unprivileged local user and could result in handling of crafted responses.","Type":"Description","Title":"Incorrect validation of field size in Ubuntu Linux AppArmor noti"}]}}}