Qualys Threat Research Unit found nine "confused deputy" bugs in Linux's AppArmor security module. Collectively named CrackArmor, the flaws have existed undetected since kernel v4.11 (April 2017). They affect an estimated 12.6 million enterprise instances running Ubuntu, Debian, and SUSE where AppArmor is the default mandatory access control layer. Kubernetes clusters, IoT, and edge deployments push the real count higher.
Red Hat, Fedora, and Amazon Linux are not affected (they use SELinux, not AppArmor).
The building manager with master keys
AppArmor exposes pseudo-files at /sys/kernel/security/apparmor/.load, .replace, and .remove for managing security profiles. Permissions are checked only when data is written, not when the file descriptor is opened. An unprivileged user can open the descriptor, then trick a setuid-root tool (su, sudo, or Postfix's sendmail) into writing correctly formatted profile data to it. Qualys described the mechanism as "an intruder convincing a building manager with master keys to open restricted vaults that the intruder cannot enter alone."
Any unprivileged application can open certain privileged control files under securityfs for writing, with permissions only checked upon actually writing data; if a privileged application can be tricked into writing the correct format to an opened file descriptor, the behaviour can be abused to load, remove, or change existing AppArmor profiles
— Canonical Vulnerability Knowledge Base
Four classes of attack from nine bugs
Policy manipulation is the first class. An unprivileged user can remove protections from critical daemons (rsyslogd, cupsd) or load "deny-all" rules against sshd, blocking all remote access to the machine.
Two distinct privilege escalation paths lead to root. The user-space chain loads a profile that denies CAP_SETUID to sudo, then manipulates the MAIL_CONFIG environment variable. Sudo fails to drop privileges and sends mail as root via Postfix's sendmail, which gives the attacker a root shell. The kernel-space chain exploits a use-after-free in aa_loaddata. A freed page is reallocated as a page table mapping /etc/passwd, letting the attacker overwrite the root password line and gain root via su.
Kernel denial of service is the third class. Removing deeply nested subprofiles (1,024 levels) triggers recursive stack exhaustion in __remove_profile(), causing a kernel panic and forced reboot on x86-64 systems. A KASLR bypass via out-of-bounds read and a double-free in aa_replace_profiles round out the kernel-level bugs.
Canonical drew a critical distinction for container environments. On hosts without containers, exploitation needs cooperation from a setuid binary (su with a valid password or sudo). In container deployments running potentially malicious images, the kernel bugs can be exploited without any cooperating privileged application. Kubernetes clusters with untrusted workloads face the highest risk.
The fourth attack class bypasses user-namespace restrictions. Ubuntu uses AppArmor to limit what unprivileged user namespaces can do. CrackArmor lets an unprivileged user create fully-capable namespaces, defeating the restriction entirely and enabling further kernel exploits from inside the namespace.
CrackArmor proves that even the most entrenched protections can be bypassed without admin credentials. For CISOs, this means patching alone isn't enough; we must re-examine our entire assumption of what 'default' configurations mean for our infrastructure.
— Dilip Bachwani, CTO, Qualys
Eight months from report to patch
Qualys sent the first batch of bug reports to Canonical in July 2025. A second batch followed in August, a third in September. In October, Qualys shared a draft advisory.
On December 15, 2025, Qualys emailed Ubuntu's security team to express concern about the disclosure pace. On January 14, 2026, they sent the same warning again. Five rounds of patch review followed. The coordinated disclosure date was initially March 3, but one incomplete patch forced a delay. Fixes landed in Linus Torvalds' upstream tree on March 12, 2026.
We believe that responsible disclosure requires patience and trust. However, the coordination process for these vulnerabilities extended significantly beyond typical timelines due to multiple rounds of patch review and communication delays with upstream maintainers.
— Qualys TRU Advisory, oss-security mailing list
Track record and what to do now
CrackArmor is the latest in a series of Qualys TRU findings targeting default Linux infrastructure. Previous discoveries include regreSSHion (CVE-2024-6387, OpenSSH remote code execution affecting 14 million servers, July 2024) and Looney Tunables (CVE-2023-4911, glibc privilege escalation, October 2023). The Needrestart LPE cluster followed in November 2024. The CrackArmor advisory credits Jann Horn's Google Project Zero paper "Mitigations are attack surface, too" as inspiration.
A separate sudo bug in the mail notification feature chains with CrackArmor for privilege escalation. The sudo-rs Rust rewrite (default in Ubuntu 25.10+) is immune because it omits mail notifications entirely.
Ubuntu, Debian, SUSE and their derivatives are vulnerable across all supported versions. The full LPE and container escape chain does not apply to Ubuntu 14.04 LTS or 16.04 LTS. Qualys CSAM telemetry puts the exposed surface at 12.6 million enterprise instances with AppArmor on by default.
Patches are available now. Debian published security update version 6.12.74-2 for stable/trixie on March 12. Canonical issued kernel updates and userspace mitigations (for su in util-linux and for sudo) for all supported Ubuntu branches the same day.
SUSE patches are in progress. Canonical recommends applying both kernel and userspace fixes together for full remediation.
No CVE identifiers have been assigned yet. The upstream kernel team typically issues them one to two weeks after a fix lands in a stable branch. Qualys warns in the advisory: "Don't let the absence of a CVE number downplay the significance." Full exploitation chain PoCs were developed but not published. The technical advisory with complete details is available on the Qualys site.
Administrators of Ubuntu, Debian, and SUSE should apply kernel updates immediately. Apply both the kernel patches and the userspace mitigations for su and sudo. Monitor /sys/kernel/security/apparmor/ for unauthorized profile modifications. Kubernetes operators should audit container images and verify that admission controllers block exploitation of AppArmor kernel interfaces. Red Hat, Fedora, and Amazon Linux environments are not at risk.
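The monitoring advice above is easier to act on with something concrete to run over audit data. The following script is an added example written for this article, not code from Qualys, Canonical, or the AppArmor project. It assumes the host records writes to the three AppArmor control files as Linux audit records (a SYSCALL record plus a PATH record sharing one event id, the shape an auditd file watch produces) and flags the confused-deputy pattern the article describes: a successful, root-privileged write to .load, .replace, or .remove that is tied to a non-root login uid or comes from a binary other than the expected profile loader. The audit lines, the expected-writer paths, and the field layout are constructed for the example; adjust them to your own tooling.

```python
import re
from collections import defaultdict

# Control files named in the CrackArmor write-up. Writes here load, replace, or remove profiles.
APPARMOR_CONTROL_FILES = {
    "/sys/kernel/security/apparmor/.load",
    "/sys/kernel/security/apparmor/.replace",
    "/sys/kernel/security/apparmor/.remove",
}

# Assumption: legitimate profile management on this host goes through apparmor_parser.
EXPECTED_WRITERS = {"/sbin/apparmor_parser", "/usr/sbin/apparmor_parser"}

# The audit subsystem reports an "unset" login uid (daemons started at boot) as 2^32 - 1.
UNSET_AUID = 4294967295

FIELD_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
EVENT_RE = re.compile(r"msg=audit\((\d+\.\d+):(\d+)\)")


def parse_record(line):
    """Split one audit record into a dict of key=value fields (quotes stripped)."""
    m = EVENT_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
    rec["_ts"], rec["_event"] = m.group(1), m.group(2)
    return rec


def group_events(lines):
    """Group records by audit event id so SYSCALL and PATH records can be correlated."""
    events = defaultdict(list)
    for line in lines:
        rec = parse_record(line)
        if rec is not None:
            events[rec["_event"]].append(rec)
    return events


def suspicious_apparmor_writes(lines):
    """Return findings for writes to AppArmor control files that do not match the expected pattern."""
    findings = []
    for event_id, records in group_events(lines).items():
        touched = {r.get("name") for r in records if r.get("type") == "PATH"}
        hits = touched & APPARMOR_CONTROL_FILES
        if not hits:
            continue
        syscall = next((r for r in records if r.get("type") == "SYSCALL"), None)
        if syscall is None:
            continue
        exe = syscall.get("exe", "")
        auid = int(syscall.get("auid", UNSET_AUID))
        euid = int(syscall.get("euid", -1))
        succeeded = syscall.get("success") == "yes"
        # Expected case: the profile loader, run from a root login session or at boot.
        if succeeded and exe in EXPECTED_WRITERS and auid in (0, UNSET_AUID):
            continue
        if not succeeded:
            severity, reason = "info", "write to AppArmor control file was denied"
        elif exe not in EXPECTED_WRITERS:
            severity, reason = "high", "unexpected binary wrote an AppArmor control file"
        else:
            severity, reason = "high", "profile loader run from a non-root login session"
        # The confused-deputy shape: root privileges exercised on behalf of an unprivileged login.
        if succeeded and euid == 0 and auid not in (0, UNSET_AUID):
            reason += "; root-privileged write tied to unprivileged login uid"
        findings.append({
            "event": event_id, "ts": syscall["_ts"], "exe": exe, "auid": auid,
            "euid": euid, "paths": sorted(hits), "severity": severity, "reason": reason,
        })
    return findings


# Constructed sample records (not real telemetry); event ids tie SYSCALL and PATH lines together.
SAMPLE_AUDIT_LOG = [
    # 501: root admin session reloading a profile with apparmor_parser (expected, no finding).
    'type=SYSCALL msg=audit(1710000000.100:501): arch=c000003e syscall=1 success=yes exit=2048 a0=3 uid=0 euid=0 auid=0 comm="apparmor_parser" exe="/usr/sbin/apparmor_parser" key="apparmor-ctl"',
    'type=PATH msg=audit(1710000000.100:501): item=0 name="/sys/kernel/security/apparmor/.replace" nametype=NORMAL',
    # 502: sudo (euid 0) wrote to .load on behalf of login uid 1000.
    'type=SYSCALL msg=audit(1710000001.200:502): arch=c000003e syscall=1 success=yes exit=4096 a0=4 uid=1000 euid=0 auid=1000 comm="sudo" exe="/usr/bin/sudo" key="apparmor-ctl"',
    'type=PATH msg=audit(1710000001.200:502): item=0 name="/sys/kernel/security/apparmor/.load" nametype=NORMAL',
    # 503: ordinary file write, ignored.
    'type=SYSCALL msg=audit(1710000002.300:503): arch=c000003e syscall=1 success=yes exit=12 a0=1 uid=1000 euid=1000 auid=1000 comm="bash" exe="/usr/bin/bash"',
    'type=PATH msg=audit(1710000002.300:503): item=0 name="/home/alice/notes.txt" nametype=NORMAL',
    # 504: setuid sendmail wrote to .remove on behalf of login uid 1000.
    'type=SYSCALL msg=audit(1710000003.400:504): arch=c000003e syscall=1 success=yes exit=64 a0=5 uid=1000 euid=0 auid=1000 comm="sendmail" exe="/usr/sbin/sendmail" key="apparmor-ctl"',
    'type=PATH msg=audit(1710000003.400:504): item=0 name="/sys/kernel/security/apparmor/.remove" nametype=NORMAL',
    # 505: a write the kernel rejected; nothing changed, recorded at info level only.
    'type=SYSCALL msg=audit(1710000004.500:505): arch=c000003e syscall=1 success=no exit=-13 a0=3 uid=1000 euid=1000 auid=1000 comm="cat" exe="/usr/bin/cat" key="apparmor-ctl"',
    'type=PATH msg=audit(1710000004.500:505): item=0 name="/sys/kernel/security/apparmor/.load" nametype=NORMAL',
]

if __name__ == "__main__":
    for f in suspicious_apparmor_writes(SAMPLE_AUDIT_LOG):
        print(f"[{f['severity']}] event {f['event']} {f['exe']} auid={f['auid']} -> {f['paths']}: {f['reason']}")
```

Run against the sample, the script reports events 502 and 504 as high-severity (a setuid binary, not the profile loader, performed a root-privileged write for login uid 1000) and 505 as informational. In a real deployment, feed it the output of ausearch for the watch key you configured and treat any high-severity hit on a host that has not yet received both the kernel and userspace fixes as a reason to pull the box for investigation.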