CVE-2026-47331

Public on 2026-05-28

Modified on 2026-06-15

Description

Ubuntu Linux 6.8 contains AppArmor SAUCE patches which fail to acquire a lock when modifying a linked list. An unprivileged local user could trigger the race condition that can lead to a use-after-free (UAF) and, theoretically, arbitrary code execution.

Severity

Important

See what this means

CVSS v3 Base Score

7.0

See breakdown

Affected Packages

Platform	Package	Status
Amazon Linux 2 - Core	kernel	Not Affected
Amazon Linux 2 - Kernel-5.10 Extra	kernel	Not Affected
Amazon Linux 2 - Kernel-5.15 Extra	kernel	Not Affected
Amazon Linux 2 - Kernel-5.4 Extra	kernel	Not Affected
Amazon Linux 2023	kernel	Not Affected
Amazon Linux 2023	kernel6.12	Not Affected
Amazon Linux 2023	kernel6.18	Not Affected

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	7.0	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

References

FAQs regarding Amazon Linux ALAS/CVE Severity Red Hat: CVE-2026-47331 Mitre: CVE-2026-47331