Nine CrackArmor Flaws in Linux AppArmor Enable Root Escalation, Bypass Container Isolation

2026-03-13

1 min read

by info@thehackernews.com (The Hacker News)

Read Original

Get the latest tech trends every morning

Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.

Endigest AI Core Summary

Qualys researchers disclosed nine 'CrackArmor' confused deputy vulnerabilities in Linux AppArmor that allow unprivileged users to escalate privileges to root and bypass container isolation.

•The flaws exist since 2017 and affect all Linux kernels since version 4.11 on any distribution with AppArmor enabled.
•Attackers can manipulate AppArmor profiles via pseudo-files to disable security protections or enforce deny-all policies, causing DoS attacks.
•Vulnerabilities enable Local Privilege Escalation (LPE) to full root through interactions with tools like Sudo and Postfix.
•KASLR bypasses via out-of-bounds reads and stack exhaustion for DoS are also possible.
•Over 12.6 million enterprise Linux instances (Ubuntu, Debian, SUSE) are affected; immediate kernel patching is advised as no CVEs have been assigned yet.

Nine CrackArmor Flaws in Linux AppArmor Enable Root Escalation, Bypass Container Isolation

Get the latest tech trends every morning

Endigest AI Core Summary

Related Articles

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture