CrackArmor: Critical AppArmor Flaws Enable Local Privilege Escalation to Root
#AppArmor
https://blog.qualys.com/vulnerabilities-threat-research/2026/03/12/crackarmor-critical-apparmor-flaws-enable-local-privilege-escalation-to-root
#Apparmor
Unprivileged users could exploit #AppArmor bugs to gain root access
https://securityaffairs.com/189487/hacking/unprivileged-users-could-exploit-apparmor-bugs-to-gain-root-access.html
#securityaffairs #hacking #Linux
📢 CrackArmor : des failles critiques d’AppArmor permettent l’élévation locale à root et la rupture d’isolation
📝 Source et contexte —...
📖 cyberveille : https://cyberveille.ch/posts/2026-03-14-crackarmor-des-failles-critiques-dapparmor-permettent-lelevation-locale-a-root-et-la-rupture-disolation/
🌐 source : https://blog.qualys.com/vulnerabilities-threat-research/2026/03/12/crackarmor-critical-apparmor-flaws-enable-local-privilege-escalation-to-root
#AppArmor #IOC #Cyberveille
#CrackArmor : neuf vulnérabilités ont été découvertes dans #AppArmor remontant au noyau #Linux 4.11 (2017) et pourraient affecter plus de 12,6 millions de systèmes.
(more Linux news in original post)
Exclusive Preview Of System76's Completely Redesigned Thelio Desktop:
https://www.phoronix.com/review/system76-new-thelio
MSI PRO B850-P WiFi: A Special AMD Ryzen AM5 Motherboard For Linux / Open-Source Enthusiasts:
https://www.phoronix.com/review/msi-pro-b850p-wifi
Proton Experimental brings fixes for REDLauncher, HELLDIVERS 2, Atelier Yumia, KILLER INN and more:
https://www.gamingonlinux.com/2026/03/proton-experimental-brings-fixes-for-redlauncher-helldivers-2-atelier-yumia-killer-inn-and-more/
D7VK 1.5 Released With Direct3D 3 Now Implemented Over Vulkan:
https://www.phoronix.com/news/D7VK-1.5-Released
NVIDIA 580.142 Production-Ready Linux Graphics Driver Released with Bug Fixes:
https://9to5linux.com/nvidia-580-142-production-ready-linux-graphics-driver-released-with-bug-fixes
NVIDIA 595.44.03 Linux Driver Released With VK_KHR_device_address_commands:
https://www.phoronix.com/news/NVIDIA-595.44.03-Linux
NVIDIA Adds Official Support For RHEL-Compatible Distributions Like AlmaLinux With CUDA 13.2:
https://www.phoronix.com/news/NVIDIA-Official-RHEL-Compat
Open-Source "GreenBoost" Driver Aims To Augment NVIDIA GPUs vRAM With System RAM & NVMe To Handle Larger LLMs:
https://www.phoronix.com/news/Open-Source-GreenBoost-NVIDIA
Mesa 26.0.2 arrives with more bug-fixes for Linux graphics drivers:
https://www.gamingonlinux.com/2026/03/mesa-26-0-2-arrives-with-more-bug-fixes-for-linux-graphics-drivers/
Mesa driver developers discuss expanding profiles and driver tuning for specific apps and games:
https://www.gamingonlinux.com/2026/03/mesa-driver-developers-discuss-expanding-profiles-and-driver-tuning-for-specific-apps-and-games/
OpenRazer 3.12 Released With Support For Newer Razer Products On Linux:
https://www.phoronix.com/news/OpenRazer-3.12
Intel NPU Driver 1.30 Released For Linux:
https://www.phoronix.com/news/Intel-NPU-Driver-Linux-1.30
New Rust Driver Aims To Improve Upstream Linux On Synology NAS Devices:
https://www.phoronix.com/news/Synology-Microp-Linux-Driver
Rust Coreutils 0.7 Released With Many Performance Optimizations:
https://www.phoronix.com/news/Rust-Coreutils-uutils-0.7
Ubuntu's AppArmor Hit By Several Security Issues - Can Yield Local Privilege Escalation:
https://www.phoronix.com/news/Ubuntu-AppArmor-Security-Issues
systemd 260-rc3 Released With AI Agents Documentation Added:
https://www.phoronix.com/news/systemd-260-rc3
Fwupd 2.1.1 Linux Firmware Updater Released as a Massive Update:
https://9to5linux.com/fwupd-2-1-1-linux-firmware-updater-released-as-a-massive-update
(FOSS news in comments)
#WeeklyNews #News #Linux #LinuxNews #System76 #Thelio #MSIPRO #Proton #ProtonExperimental #D7VK #NVIDIA #NVIDIADriver #Mesa #OpenRazer #Intel #IntelNPU #Synology #RustCoreutils #AppArmor #Systemd #Fwupd #GreenBoost #Motherboard #FosseryTech
Уязвимости в AppArmor, позволяющие получить root-доступ в системе
Компания Qualys выявила 9 уязвимостей в системе мандатного управления доступом AppArmor, наиболее опасные из которых позволяют локальному непривилегированному пользователю получить права root в системе, выйти из изолированных контейнеров и обойти ограничения, заданные через AppArmor. Уязвимости получили кодовое имя CrackArmor. CVE-идентификаторы пока не назначены. Успешные примеры повышения привилегий продемонстрированы в Ubuntu 24.04 и Debian 13.
If you are using Ubuntu or Debian with AppArmor, please update your systems immediately: https://ubuntu.com/security/vulnerabilities/crackarmor
#Ubuntu's #AppArmor Hit By Several Security Issues - Can Yield Local Privilege Escalation
www.phoronix.com/news/Ubuntu-...
#Linux
Ubuntu's AppArmor Hit By Sever...
#Ubuntu's #AppArmor Hit By Several Security Issues - Can Yield Local Privilege Escalation
https://www.phoronix.com/news/Ubuntu-AppArmor-Security-Issues
⋅ ‘CrackArmor’ Vulnerability in AppArmor Impacts 12.6M Linux Systems
− https://hackread.com/crackarmor-vulnerability-apparmor-linux-systems/
A 7-year-old Linux flaw dubbed #CrackArmor exposes 12.6 million systems using AppArmor. Researchers found that it can enable root access, container escape, and security bypass. Patch immediately.
Read: https://hackread.com/crackarmor-vulnerability-apparmor-linux-systems/
Local privilege escalation bug in AppArmor. Update your Ubuntu and Debian systems and reboot.
CrackArmor: Multiple vulnerabilities in #AppArmor "Bypassing Ubuntu's user-namespace restrictions
AppArmor + Sudo + Postfix = root
Kernel vulnerabilities". https://seclists.org/oss-sec/2026/q1/303 #infosec #qualys
#CrackArmor: Multiple vulnerabilities in #AppArmor
Advisory: https://cdn2.qualys.com/advisory/2026/03/10/crack-armor.txt
These vulnerabilities allow a local attacker to bypass the security normally provided by AppArmor. Also, in some situations, it allows privilege escalation to root by selectively blocking specific syscalls.
#AppArmor is an odd duck. It is trying to enforce profile rules for UNIX domain sockets based on their protocol field. Which probably bites you if you are a protocol #developer #scientist, or #financial trader, as it impacts production software critical to precision timing (#gpsd, #chronyd, #linuxptp, #ptpd2). This is despite the fact that most uses of #UNIX domain #sockets never even specify a protocol in their system calls to begin with... how bizarre.
PSA for time nuts: The #AppArmor profiles in #Debian Trixie for #gpsd and #chrony are broken if you try to use SOCK rather than SHM, for maximum #PPS accuracy. Bit me on #Proxmox 9.1. The #NTP SHM segment has to be polled by definition; SOCK is event-driven, so you only get #UNIX socket latency on pulses. So just put them in complain. Not an issue for me yet. The #SiRFStar IV #USB GPS I scored yesterday doesn't appear to do PPS sadly. Here's hoping, hoping, I stashed my GPSDO in safekeeping!
So the AppArmor Guix issue 6501 finally resolved:
https://codeberg.org/guix/guix/issues/6501
Thanks for @efraim for merging https://codeberg.org/guix/guix/pulls/6935 !
I'm constantly having trouble discovering what #debian's #security story is supposed to be.
They claim updates keep secure, except #backports doesn't give any guarantees for security. But then you have package 'tor": updates provide old version with risks, while backports provide up-to-date version.
#AppArmor is provided but most profiles aren't up-to-date so enforcing is risky. Ubuntu restricts unprivileged-unconfined apps to prevent unnecessarily exposing some vulnerabilities. Debian doesn't
Client Info
Server: https://mastodon.social
Version: 2025.07
Repository: https://github.com/cyevgeniy/lmst