Critical CrackArmor Vulnerabilities Risk Root Access in 12.6 Million Linux Systems

Critical CrackArmor Vulnerabilities Risk Root Access in 12.6 Million Linux Systems

First seen 13 Mar 2026, 04:28 UTC PhoronixItbrief.AuAustraliancybersecuritymagazine.AuBlog.QualysCybersecuritynews+11 82% similarity 72.0

Article Content

Browse articles
ThreatCluster

Qualys researchers have identified nine critical vulnerabilities in AppArmor, a mandatory access control framework for Linux, collectively termed 'CrackArmor.' These flaws allow unprivileged local users to escalate privileges to root, bypass container isolation, and potentially crash kernel operations. The vulnerabilities affect over 12.6 million enterprise Linux systems globally, particularly those using distributions like Ubuntu, Debian, and SUSE. The vulnerabilities stem from how the Linux kernel manages AppArmor security profiles, enabling attackers to manipulate privileged processes through specific file interfaces. The issues have existed since Linux kernel version 4.11, released in 2017, and do not yet have assigned CVE identifiers. Immediate kernel updates are recommended as interim mitigations do not provide sufficient protection. Organizations are urged to follow distribution-specific advisories for remediation. The vulnerabilities pose significant risks to system integrity and security.

Key Points: • Nine critical vulnerabilities in AppArmor could allow root access on affected systems. • Over 12.6 million enterprise Linux systems are at risk due to these flaws. • Immediate kernel updates are necessary to mitigate the vulnerabilities.

ThreatCluster AI

Timeline

2026-03-13
Qualys publishes research on CrackArmor vulnerabilities in AppArmor.
2026-03-13
Multiple news outlets report on the critical vulnerabilities.
Recent
Organizations advised to apply kernel updates to mitigate risks.

Community

Browse all →