Advisory

CrackArmor: Nine Critical Vulnerabilities in AppArmor Allow Unprivileged Users to Escalate to Full Root Privileges

Take action: If you run Linux with AppArmor (Ubuntu, Debian, SUSE), schedule a kernel update and apply the su/sudo security updates as soon as they are available: these flaws let any local user escalate to root and defeat the purpose of AppArmor. If you cannot patch right away, monitor for unexpected changes under /sys/kernel/security/apparmor/ and make sure your apparmor_parser tool is updated.


Learn More

The Qualys Threat Research Unit (TRU) has publicly disclosed a suite of nine vulnerabilities in AppArmor, dubbed "CrackArmor," that affect the Linux Security Module (LSM) responsible for mandatory access control on major distributions including Ubuntu, Debian, and SUSE. 

According to Qualys CyberSecurity Asset Management data, more than 12.6 million enterprise Linux instances run AppArmor enabled by default, all potentially vulnerable until patched. 

At the core of these findings is a fundamental confused-deputy problem. AppArmor's policy-management pseudo-files (/sys/kernel/security/apparmor/.load, .replace, and .remove) are world-writable, so any unprivileged local user can open them; by using a privileged SUID program such as su in PTY mode as a proxy for the write, the attacker can load, replace, or remove arbitrary AppArmor profiles. That ability lets an attacker weaken system defenses by stripping the protection profiles from critical daemons such as cupsd and rsyslogd, mount denial-of-service attacks by loading restrictive "deny all" profiles against services such as sshd, and bypass Ubuntu's unprivileged user-namespace restrictions to create user namespaces with full capabilities. As of publication, no CVE identifiers have been assigned to these vulnerabilities; upstream kernel CVE assignment typically takes one to two weeks after a fix lands in a stable release.

Beyond policy manipulation, Qualys demonstrated that the confused-deputy flaw can be turned into a full local privilege escalation (LPE) to root in both user space and kernel space. In user space, on a default installation of Ubuntu Server 24.04.3 with the Postfix mail server installed, an attacker loads a custom AppArmor profile that denies Sudo the CAP_SETUID capability, so Sudo cannot drop its root privileges before executing Postfix's /usr/sbin/sendmail. With the MAIL_CONFIG environment variable pointed at an attacker-controlled Postfix configuration in /tmp, sendmail then runs a crafted shell script as root instead of as the unprivileged user: a classic "fail-open" scenario, in which a failed privilege drop leaves the program running with more privilege instead of aborting. This fail-open condition in Sudo was independently discovered and fixed in November 2025, but the underlying AppArmor flaw that makes it exploitable remained unpatched until now. In kernel space, the ability to load arbitrary profiles exposes additional parsing bugs in AppArmor's kernel code, which Qualys exploited to achieve root through memory corruption.

The nine vulnerabilities span a broad range of kernel-level flaws discovered in AppArmor's profile parsing and management code:

  • Confused-deputy problem — Unprivileged users can perform privileged AppArmor policy management operations by tricking SUID-root programs into writing to AppArmor pseudo-files
  • Uncontrolled recursion — Deeply nested subprofile hierarchies trigger recursive kernel function calls that exhaust the 16KB kernel stack, crashing the system (denial-of-service)
  • Out-of-bounds read (match_char macro) — A side-effect bug in the match_char() macro causes the DFA matching function to read past the end of an 8KB buffer, allowing disclosure of up to 64KB of kernel memory including KASLR-randomized pointers
  • Out-of-bounds read (DFA start states) — Invalid DFA start states are not properly validated during profile unpacking
  • Out-of-bounds read and write (DEFAULT table) — Missing bounds checks on the DEFAULT table in DFA verification
  • Use-after-free — A race condition between opening AppArmor's compressed_size file and concurrent profile removal leads to access of freed aa_loaddata structures in the kmalloc-192 slab cache, exploitable for LPE to root on Ubuntu 24.04.3 and Debian 13.1 despite the CONFIG_RANDOM_KMALLOC_CACHES mitigation
  • Double-free — The ns_name variable in aa_replace_profiles() is freed twice when profiles implicitly specify a namespace, exploitable for LPE to root on Debian 13.1 despite the CONFIG_SLAB_BUCKETS mitigation
  • Memory leak — Incomplete cleanup in verify_header leads to leaked kernel memory
  • Infinite loop — Improper differential encoding verification can cause an infinite loop in the kernel

All Linux kernels since version 4.11 are vulnerable on any distribution that integrates AppArmor, including Ubuntu, Debian, SUSE, and their derivatives. 

Canonical has stated that Ubuntu releases are affected to differing degrees and that both the kernel security updates and the userspace mitigations, shipped as security updates for su and sudo, should be applied. 

Debian released a security update on March 12, 2026 that addresses the vulnerabilities, while Ubuntu and SUSE are working on similar patches. 

The patches were published upstream in Linus Torvalds's kernel tree on March 12, 2026, following a coordinated disclosure process that began when Qualys first reported the issues to Ubuntu's security team and Canonical's AppArmor developers in July 2025. As a mitigating measure, organizations that cannot immediately patch their kernels should implement monitoring for unexpected changes in /sys/kernel/security/apparmor/ and re-parse all custom AppArmor profiles using the updated apparmor_parser tool. 
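The monitoring mitigation recommended here (and in the take-action note at the top of the page) needs something concrete to watch. The following is an added example, not code from the Qualys advisory or from the AppArmor project: a POSIX shell script that snapshots the kernel's list of loaded profiles, /sys/kernel/security/apparmor/profiles, and reports profiles that have since been removed, added, or switched mode (for example from enforce to complain), which is what stripping a daemon's profile or replacing it with a "deny all" one looks like from this file. The function names, the baseline-file layout and the sample listing are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not part of the Qualys advisory or of the AppArmor project:
# baseline-and-diff check over the set of loaded AppArmor profiles.
# The kernel lists one loaded profile per line, as "name (mode)", in
# /sys/kernel/security/apparmor/profiles (readable by root). A profile that
# an attacker removed, or replaced with one in a different mode, shows up
# as a REMOVED or CHANGED line. AA_PROFILES_FILE can be overridden so the
# functions can be exercised on constructed data.

AA_PROFILES_FILE="${AA_PROFILES_FILE:-/sys/kernel/security/apparmor/profiles}"

# Sorted, de-duplicated copy of a profiles listing ($1).
aa_normalize() {
    sort -u "$1"
}

# Write a baseline of the currently loaded profiles to $1.
aa_snapshot() {
    aa_normalize "$AA_PROFILES_FILE" > "$1"
}

# Compare baseline listing $1 with current listing $2. Prints sorted
# "ADDED name (mode)", "REMOVED name (mode)" and "CHANGED name old -> new"
# lines; returns 0 when identical, 1 when anything differs.
# Each line is tagged "B " (baseline) or "C " (current) before awk sees it,
# which keeps the two inputs apart even when the baseline is empty or both
# arguments name the same file.
aa_diff() {
    _out=$( { sed 's/^/B /' "$1"; sed 's/^/C /' "$2"; } | awk '
        # Split "X name (mode)" into the globals name and mode. Profile names
        # may contain "//" subprofile separators or spaces, so the mode is
        # taken from the last parenthesised word only.
        function split_line(line) {
            if (!match(line, / \([a-z-]+\)$/)) return 0
            name = substr(line, 3, RSTART - 3)
            mode = substr(line, RSTART + 2, RLENGTH - 3)
            return 1
        }
        /^B / { if (split_line($0)) base[name] = mode; next }
        /^C / { if (split_line($0)) cur[name] = mode }
        END {
            for (n in base) if (!(n in cur)) print "REMOVED " n " (" base[n] ")"
            for (n in cur)  if (!(n in base)) print "ADDED " n " (" cur[n] ")"
            for (n in base) if ((n in cur) && base[n] != cur[n])
                print "CHANGED " n " " base[n] " -> " cur[n]
        }' | sort)
    if [ -z "$_out" ]; then
        return 0
    fi
    printf '%s\n' "$_out"
    return 1
}

# Take a baseline on the first run; on later runs report drift from it.
# Exit status 1 means the loaded policy no longer matches the baseline.
aa_check() {
    if [ ! -f "$1" ]; then
        aa_snapshot "$1"
        echo "baseline written to $1"
        return 0
    fi
    _cur=$(mktemp)
    aa_normalize "$AA_PROFILES_FILE" > "$_cur"
    if aa_diff "$1" "$_cur"; then _rc=0; else _rc=1; fi
    rm -f "$_cur"
    return $_rc
}

# Constructed sample (not captured from a real host): a baseline with three
# confined programs, then a listing where cupsd was flipped to complain
# mode, rsyslogd's profile was removed and a new sshd profile appeared.
aa_demo() {
    _d=$(mktemp -d)
    printf '%s\n' '/usr/sbin/cupsd (enforce)' \
                  '/usr/sbin/rsyslogd (enforce)' \
                  '/usr/bin/man (enforce)' > "$_d/baseline"
    printf '%s\n' '/usr/sbin/cupsd (complain)' \
                  '/usr/bin/man (enforce)' \
                  '/usr/sbin/sshd (enforce)' > "$_d/current"
    if aa_diff "$_d/baseline" "$_d/current"; then _rc=0; else _rc=1; fi
    rm -rf "$_d"
    return $_rc
}
```

Run `aa_check /var/lib/aa-baseline` once as root to record the baseline, then from a cron job or systemd timer; a non-zero exit means the loaded policy drifted and the printed lines say how. Refresh the baseline after you deliberately reload policy, for instance after re-parsing your custom profiles with the updated apparmor_parser. The listing carries only name and mode, so a profile replaced under the same name and mode by a weaker one is invisible here; compare the per-profile entries under /sys/kernel/security/apparmor/policy/profiles/ if you need that.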

Qualys has developed working proof-of-concept exploits demonstrating the full attack chain but is withholding public release to allow patch deployment. Qualys has confirmed that its own products and platforms are not affected by the CrackArmor vulnerabilities.
