RESEARCHERS from Qualys have disclosed nine vulnerabilities in the Linux kernel’s AppArmor module, collectively tracked as CrackArmor, which could let unprivileged users bypass protections, escalate to root, run code in the kernel, or trigger denial-of-service conditions. The flaws, which have existed since 2017, expose a confused-deputy issue that allows manipulation of AppArmor profiles via pseudo-files, enabling local privilege escalation through interactions with tools like Sudo and Postfix.
Because AppArmor is enabled by default on Ubuntu, Debian and SUSE, the issues potentially affect more than 12.6 million Linux systems across enterprise, cloud, containers and IoT environments, according to Qualys. No CVE identifiers have been assigned yet, but security teams are advised to patch the Linux kernel immediately, as updates are the only reliable mitigation.
The cracks could let attackers bypass namespace limits, execute arbitrary kernel code, and degrade container isolation, with risks of kernel panics, DoS and KASLR bypasses via out-of-bounds reads, the report notes.