Linux security layer extremely vulnerable: 12.6 million systems affected
Nine critical vulnerabilities have been found in AppArmor, a Linux Security Module standard on Ubuntu, Debian, and SUSE. Together, they are referred to as CrackArmor. The vulnerabilities allow unauthorized users to bypass kernel protections, obtain root privileges, and break container isolation.

This was discovered by researchers at Qualys. Together, they form the so-called CrackArmor advisory. The flaws have existed since 2017 (kernel version v4.11) and affect more than 12.6 million enterprise Linux instances worldwide.

AppArmor is the standard Mandatory Access Control mechanism for Ubuntu, Debian, and SUSE. It is widely used in cloud environments, Kubernetes, IoT, and edge infrastructure.

How the attack works

The vulnerabilities exploit a confused deputy attack. An unauthorized user can manipulate a privileged process to perform actions on their behalf, without having the necessary rights themselves.

Specifically, attackers abuse tools such as Sudo or Postfix to modify AppArmor profiles via pseudo-files such as /sys/kernel/security/apparmor/.load and .replace. This bypasses user-namespace restrictions and allows arbitrary code to run in the kernel.

Consequences include local privilege escalation (LPE) to root, denial-of-service via stack exhaustion, and KASLR bypasses via out-of-bounds reads. Container isolation is also no longer guaranteed as a result.

Qualys TRU has developed Proof of Concept exploits that demonstrate the entire attack chain. These are not being released publicly, but have been shared with the relevant security teams to speed up patching.

“CrackArmor proves that even the most entrenched protections can be bypassed without admin credentials. For CISOs, this means patching alone isn’t enough; we must re-examine our entire assumption of what ‘default’ configurations mean for our infrastructure,” said Dilip Bachwani, CTO of Qualys.

All Linux kernels from v4.11 onwards are vulnerable on distributions that integrate AppArmor. Debian released a security update on March 12, 2026 that addresses the vulnerabilities. Ubuntu and SUSE are working on similar patches. Qualys recommends applying vendor kernel patches immediately and setting up monitoring on /sys/kernel/security/apparmor/ for unauthorized profile changes.
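
One way to implement the recommended monitoring for unauthorized profile changes, as an added example that is not from Qualys or the original article: the kernel logs an AppArmor `STATUS` audit record for every profile load, replace, and remove, including the name (`comm`) of the process that performed the write. The sketch below flags policy changes made by any process other than `apparmor_parser`; that allowlist and the sample records are assumptions constructed for illustration.

```python
import re

# Kernel audit operations that change the loaded AppArmor policy set.
POLICY_OPS = {"profile_load", "profile_replace", "profile_remove"}
# Assumption: on this host only apparmor_parser is expected to write policy.
EXPECTED_COMM = {"apparmor_parser"}
FIELD = re.compile(r'(\w+)=("([^"]*)"|\S+)')

def parse_fields(line):
    """Split one audit record into key/value pairs, stripping quotes."""
    return {k: (inner if raw.startswith('"') else raw)
            for k, raw, inner in FIELD.findall(line)}

def suspicious_policy_changes(lines, expected_comm=EXPECTED_COMM):
    """Return (operation, profile, comm, pid) for policy writes made by a
    process outside the expected set, e.g. a privileged helper that was
    tricked into writing to .load or .replace."""
    findings = []
    for line in lines:
        f = parse_fields(line)
        if f.get("apparmor") != "STATUS":
            continue  # DENIED/ALLOWED/AUDIT records are not policy changes
        if f.get("operation") not in POLICY_OPS:
            continue
        if f.get("comm") not in expected_comm:
            findings.append((f["operation"], f.get("name", "?"),
                             f.get("comm", "?"), f.get("pid", "?")))
    return findings

# Constructed sample records in the kernel's AppArmor audit format.
SAMPLE_LOG = [
    'audit: type=1400 audit(1773300000.101:211): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/bin/man" pid=812 comm="apparmor_parser"',
    'audit: type=1400 audit(1773300950.440:389): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=4410 comm="sudo"',
    'audit: type=1400 audit(1773300951.002:390): apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd" name="/etc/shadow" pid=4502 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0',
    'audit: type=1400 audit(1773300960.730:395): apparmor="STATUS" operation="profile_remove" profile="unconfined" name="docker-default" pid=4611 comm="sh"',
]

if __name__ == "__main__":
    for op, name, comm, pid in suspicious_policy_changes(SAMPLE_LOG):
        print(f"ALERT {op} of profile {name!r} by comm={comm} pid={pid}")
```

On a live host the same function can be fed lines from the kernel log or the audit log; extend `EXPECTED_COMM` only with tools that are known to manage AppArmor policy in your environment.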