Researchers found nine “CrackArmor” flaws in Linux AppArmor that could allow attackers to gain root access and bypass container isolation.

Cybersecurity researchers have uncovered a set of critical vulnerabilities in the Linux security framework AppArmor that could allow attackers to gain root privileges and bypass container protections.
The nine flaws, collectively dubbed “CrackArmor,” were discovered by the Qualys Threat Research Unit. According to researchers, the vulnerabilities have existed since 2017 and could affect millions of Linux systems worldwide.
AppArmor is a widely used Linux security module that provides mandatory access control (MAC), restricting what programs can access on a system. The framework is enabled by default in several major Linux distributions, including Ubuntu, Debian, and SUSE, making the vulnerabilities particularly significant for enterprise environments and cloud infrastructure.
Researchers say the flaws stem from a “confused deputy” vulnerability that allows unprivileged users to manipulate security profiles through pseudo-files within the system. By exploiting these weaknesses, attackers could bypass user-namespace restrictions and execute arbitrary code inside the kernel.
In practical terms, the attack chain could allow a local attacker to escalate privileges to root, the highest level of system access. The vulnerabilities may also enable additional attacks such as denial-of-service crashes, kernel memory leaks, and bypassing kernel security protections.
Security researchers also warned that the flaws could undermine container isolation, a key security mechanism used in cloud and containerized environments such as Kubernetes. If exploited successfully, attackers might be able to break out of containers and gain control of the underlying host system.
The vulnerabilities affect Linux kernels starting from version 4.11, and researchers estimate that more than 12.6 million enterprise Linux instances may be impacted globally.
Software vendors and Linux maintainers are now releasing patches to address the issues. Security experts are urging administrators to apply kernel updates and related security patches as soon as possible to reduce the risk of exploitation.
Experts warn that the discovery highlights how even long-standing security mechanisms in widely deployed operating systems can contain hidden weaknesses that remain undetected for years.
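For administrators triaging a fleet, the sketch below is an added example, not code from Qualys or any vendor: it flags hosts that match the population described above (kernel 4.11 or later with AppArmor enabled). The function names are hypothetical, and the script assumes the standard module parameter file `/sys/module/apparmor/parameters/enabled`. It cannot tell whether a fix is installed, since the article lists no patched versions.

```bash
#!/usr/bin/env bash
# Added triage example. Scope check only: kernel >= 4.11 AND AppArmor enabled.
# Patch status must still be confirmed against the distribution's advisory.

# kernel_in_range RELEASE
# Returns 0 if RELEASE (e.g. "5.15.0-91-generic") is >= 4.11,
# 1 if it is older, 2 if the string cannot be parsed.
kernel_in_range() {
    local rel=$1 major minor
    major=${rel%%.*}
    case $major in ''|*[!0-9]*) return 2 ;; esac
    case $rel in
        *.*) minor=${rel#*.}; minor=${minor%%[!0-9]*} ;;
        *)   minor=0 ;;
    esac
    [ -n "$minor" ] || minor=0
    if [ "$major" -gt 4 ]; then return 0; fi
    [ "$major" -eq 4 ] && [ "$minor" -ge 11 ]
}

# apparmor_enabled [FLAGFILE]
# The module parameter file holds "Y" when the LSM is active.
apparmor_enabled() {
    local flag=${1:-/sys/module/apparmor/parameters/enabled}
    [ -r "$flag" ] && [ "$(head -c1 "$flag")" = "Y" ]
}

# classify_host RELEASE [FLAGFILE]
# Prints one verdict line; always returns 0 so it is safe in loops.
classify_host() {
    local rel=$1 flag=${2:-/sys/module/apparmor/parameters/enabled} rc=0
    kernel_in_range "$rel" || rc=$?
    if [ "$rc" -eq 2 ]; then
        echo "unknown: cannot parse kernel release '$rel'"
    elif [ "$rc" -eq 1 ]; then
        echo "out-of-scope: kernel $rel predates 4.11"
    elif ! apparmor_enabled "$flag"; then
        echo "out-of-scope: AppArmor not enabled on kernel $rel"
    else
        echo "in-scope: kernel $rel with AppArmor enabled; confirm vendor patch status"
    fi
}

# Classify the local host.
classify_host "$(uname -r)"
```
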






