OSG-SEC-2026-03-13 CRITICAL AppArmor Multiple Vulnerabilities

Dear OSG Security Contacts,

Recent research has disclosed multiple flaws collectively called “CrackArmor” affecting the Linux AppArmor security module (LSM). These issues arise from weaknesses in how AppArmor handles namespaces and policy enforcement, which may allow a local attacker to manipulate AppArmor controls, bypass confinement restrictions, potentially escalate privileges, or cause denial-of-service conditions.

IMPACTED VERSIONS:

Systems running AppArmor-enabled Linux kernels (primarily Ubuntu, Debian, and SUSE) may be affected.

WHAT ARE THE VULNERABILITIES:

The CrackArmor issues arise from multiple flaws in the Linux AppArmor security module, including a “confused-deputy” weakness that may allow an unprivileged local user to load, replace, or remove AppArmor profiles. This could weaken system protections, bypass confinement restrictions, disrupt critical services, or lead to local privilege escalation to root or denial-of-service. Overall, the flaws allow attackers with local access to undermine AppArmor policy enforcement and compromise system security.

WHAT YOU SHOULD DO:

Identify hosts using AppArmor.
Apply vendor kernel updates as soon as possible and reboot the system after patching.
If patching is delayed, disable unprivileged user namespaces after assessing site impact.
Monitor /sys/kernel/security/apparmor/ for unexpected or unauthorized changes.
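
A read-only way to check the steps above on one host, given as an added example and not OSG or vendor tooling. The `ROOT` argument, the baseline file and the script name are assumptions made for this sketch; the two sysctls are the usual Linux controls for unprivileged user namespaces and are not named in the advisory.

```shell
#!/bin/sh
# Added example (not OSG or vendor code): read-only audit of the steps above.
# ROOT (first argument, default empty) is an assumption for test trees.
export LC_ALL=C   # stable ordering for sort and comm

# Identify hosts using AppArmor: succeeds when the LSM is enabled.
apparmor_enabled() {
    [ "$(cat "${1:-}/sys/module/apparmor/parameters/enabled" 2>/dev/null)" = Y ]
}

# Interim mitigation check: prints disabled, enabled, or unknown.
# kernel.unprivileged_userns_clone exists only on Debian/Ubuntu kernels;
# user.max_user_namespaces=0 turns off user namespaces for every user.
userns_state() {
    clone=$(cat "${1:-}/proc/sys/kernel/unprivileged_userns_clone" 2>/dev/null || true)
    max=$(cat "${1:-}/proc/sys/user/max_user_namespaces" 2>/dev/null || true)
    if [ "$clone" = 0 ] || [ "$max" = 0 ]; then echo disabled
    elif [ -n "$clone$max" ]; then echo enabled
    else echo unknown
    fi
}

# Record loaded profiles and their modes (reading this file needs root).
save_baseline() {
    sort "${1:-}/sys/kernel/security/apparmor/profiles" > "$2"
}

# Monitoring: print profiles added (+) or removed (-) since the baseline; a mode
# change is one "-" plus one "+" line. Returns 1 on drift, 2 if unreadable.
profile_drift() {
    [ -r "$2" ] || return 2
    current=$(mktemp) || return 2
    if ! sort "${1:-}/sys/kernel/security/apparmor/profiles" > "$current" 2>/dev/null; then
        rm -f "$current"; return 2
    fi
    drift=$(comm -13 "$2" "$current" | sed 's/^/+ /'; comm -23 "$2" "$current" | sed 's/^/- /')
    rm -f "$current"
    [ -z "$drift" ] && return 0
    printf '%s\n' "$drift"
    return 1
}

# Usage: sh apparmor-audit.sh BASELINE_FILE   (script name is hypothetical)
if [ -n "${1:-}" ]; then
    apparmor_enabled && echo "apparmor: enabled" || echo "apparmor: not enabled"
    echo "unprivileged userns: $(userns_state)"
    [ -f "$1" ] || save_baseline "" "$1" || rm -f "$1"
    profile_drift "" "$1" || echo "profile list changed or unreadable (rc=$?)"
fi
```

Take the baseline on a host in a known-good state and keep it somewhere unprivileged users cannot write.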

REFERENCES:

[1] https://ubuntu.com/security/vulnerabilities/crackarmor
[2] https://lists.debian.org/debian-security-announce/2026/msg00072.html
[3] https://lists.debian.org/debian-security-announce/2026/msg00071.html
[4] https://cdn2.qualys.com/advisory/2026/03/10/crack-armor.txt
[5] https://blog.qualys.com/vulnerabilities-threat-research/2026/03/12/crackarmor-critical-apparmor-flaws-enable-local-privilege-escalation-to-root

Please contact the OSG security team at [email protected] if you have any questions or concerns.

OSG Security Team