[apparmor] AppArmor users, please update your kernels immediately
John Johansen
john.johansen at canonical.com
Fri Mar 13 02:53:27 UTC 2026
Qualys has performed a security audit on AppArmor, and discovered
several issues, covered in the following advisories:
https://ubuntu.com/security/vulnerabilities/crackarmor
https://cdn2.qualys.com/advisory/2026/03/10/crack-armor.txt
There is a local privilege escalation that can only be
fully addressed by either updating your kernel or disabling apparmor.
Patches have been merged into the mainline kernel:
8e135b8aee5a0 apparmor: fix race between freeing data and fs accessing it
a0b7091c4de45 apparmor: fix race on rawdata dereference
39440b137546a apparmor: fix differential encoding verification
6601e13e82841 apparmor: fix unprivileged local user can do privileged policy management
5df0c44e8f5f6 apparmor: Fix double free of ns_name in aa_replace_profiles()
d352873bbefa7 apparmor: fix missing bounds check on DEFAULT table in verify_dfa()
8756b68edae37 apparmor: fix side-effect bug in match_char() macro usage
306039414932c apparmor: fix: limit the number of levels of policy namespaces
ab09264660f9d apparmor: replace recursive profile removal with iterative approach
e38c55d9f834e apparmor: fix memory leak in verify_header
9063d7e2615f4 apparmor: validate DFA start states are in bounds in unpack_pdb
Backports have also been sent to the linux-distros security lists, and
the patches are rolling out to the stable and long-term release trees.
Many distros already have kernel updates available.
We would like to thank Qualys for the initial report and their detailed
and tireless work on this.
The Linux kernel security team, the linux distros list for its support,
and the distros and individuals who provided testing, review and
feedback. There have been many people who have worked tirelessly to
fix, test, debug, and coordinate these updates to address these issues.
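
An added example, not part of the original message: a shell check that reports which of the fixes listed above are absent from a kernel git tree's AppArmor history. It assumes backports keep the upstream subject line (matched as a substring, ignoring reverts); the tree path is the reader's own, and `missing_fixes` is a name chosen here.

```shell
#!/bin/sh
# Subjects copied from the commit list in the announcement above.
FIX_SUBJECTS='apparmor: fix race between freeing data and fs accessing it
apparmor: fix race on rawdata dereference
apparmor: fix differential encoding verification
apparmor: fix unprivileged local user can do privileged policy management
apparmor: Fix double free of ns_name in aa_replace_profiles()
apparmor: fix missing bounds check on DEFAULT table in verify_dfa()
apparmor: fix side-effect bug in match_char() macro usage
apparmor: fix: limit the number of levels of policy namespaces
apparmor: replace recursive profile removal with iterative approach
apparmor: fix memory leak in verify_header
apparmor: validate DFA start states are in bounds in unpack_pdb'

# missing_fixes FILE
# FILE holds one commit subject per line (git log --format=%s output).
# Prints "MISSING: <subject>" for every fix not found; returns 0 only
# when all fixes are present. Revert commits do not count as a match.
missing_fixes() {
    log_file=$1
    missing=0
    while IFS= read -r subject; do
        if ! grep -v '^Revert ' "$log_file" | grep -Fq -- "$subject"; then
            printf 'MISSING: %s\n' "$subject"
            missing=$((missing + 1))
        fi
    done <<EOF
$FIX_SUBJECTS
EOF
    [ "$missing" -eq 0 ]
}

# Usage: sh check-apparmor-fixes.sh /path/to/linux
if [ -n "${1:-}" ]; then
    tmp=$(mktemp)
    git -C "$1" log --format=%s -- security/apparmor > "$tmp"
    missing_fixes "$tmp"
    rc=$?
    rm -f "$tmp"
    exit "$rc"
fi
```

This inspects a source tree only; for a packaged distro kernel, the distribution's own advisory for the installed version is the authoritative check.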