Security researchers at Qualys have disclosed nine vulnerabilities in AppArmor, the Linux Security Module that ships enabled by default across Ubuntu, Debian, and SUSE distributions.
An unprivileged local attacker can exploit the flaws to gain full root access, break out of container isolation, and crash systems, all without requiring administrative credentials, the researchers said in a blog post.
Dubbed “CrackArmor” by the Qualys Threat Research Unit (TRU), the vulnerabilities have existed since Linux kernel version 4.11, released in 2017. Qualys’s own asset management telemetry puts the exposed attack surface at over 12.6 million enterprise Linux instances running AppArmor by default, a figure that grows further when Kubernetes clusters, IoT deployments, and edge environments are counted, the blog post said.
