Researchers at Qualys’ Threat Research Unit (TRU) have disclosed a set of nine vulnerabilities in AppArmor, a Linux security module used to confine application permissions, warning the issues could expose a large number of enterprise systems.
Qualys has dubbed the vulnerabilities “CrackArmor” and said the issues have existed since 2017. The company estimates more than 12 million enterprise Linux systems could be affected, including deployments running Ubuntu, Debian and SUSE.
According to the disclosure, the vulnerabilities involve a “confused deputy” scenario, where an attacker can manipulate trusted system processes into performing actions on the attacker’s behalf. Qualys said the flaws could enable local privilege escalation to root, container escapes and system crashes.
Qualys also flagged sectors it believes are likely to be impacted because of the prevalence of Linux in production environments, including cloud computing, banking and finance, manufacturing, healthcare, telecommunications, and government and defence.
The company said kernel patching is required to address the issues. Further technical details are published in a Qualys TRU blog post: https://blog.qualys.com/vulnerabilities-threat-research/2026/03/12/crackarmor-critical-apparmor-flaws-enable-local-privilege-escalation-to-root.
