What is CVE-2026-47337?

CVE-2026-47337 is a low-severity vulnerability in Canonical Ubuntu Linux, classified under NULL Pointer Dereference. CVSS score: 3.3/10. Published 2026-05-28.

How severe is CVE-2026-47337?

Low severity. CVSS v3 base score is 3.3 out of 10.

NULL pointer dereference in Canonical Ubuntu Linux

CVE-2026-47337

Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AF_INET/AF_INET6 socket mediation. The bug can be triggered by an unprivileged local user. This can lead to a kernel oops.

EPSS: 0.000 (3.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.3 (Low). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L.

Affected products

Canonical Ubuntu Linux — versions 6.8.0, 6.17.0, 7.0.0
Canonical Ubuntu_linux — versions 6.8, 6.17, 7.0

Weakness classification (CWE)

CWE-476 — NULL Pointer Dereference

References

security@ubuntu.com (patch, Broken Link)

Frequently asked questions

What is CVE-2026-47337?: CVE-2026-47337 is a low-severity vulnerability in Canonical Ubuntu Linux, classified under NULL Pointer Dereference. CVSS score: 3.3/10. Published 2026-05-28.
How severe is CVE-2026-47337?: Low severity. CVSS v3 base score is 3.3 out of 10.