Multiple vulnerabilities in AppArmor
⚔️ Attack Techniques & Methods · 2026-03-23, 09:56
Qualys researchers have demonstrated nine flaws in the Linux security module AppArmor, which is enabled by default in Ubuntu, Debian, and SUSE. A core confused-deputy bug allows an unprivileged local user to load, replace, and delete arbitrary AppArmor profiles, leading to weakened protection, denial of service, and bypass of user-namespace restrictions.
Further exploitation of this issue can lead to local privilege escalation (LPE), either through crafted profiles that trigger a fail-open condition in sudo or through kernel parsing bugs. The parsing bugs include an uncontrolled recursion, an out-of-bounds read leaking up to 64 KB of kernel memory, a use-after-free in kmalloc-192, and a double-free in any slab cache between kmalloc-8 and kmalloc-256, allowing root privilege escalation on Ubuntu 24.04.3 and Debian 13.1.
Published: 2026-03-23, 09:56