Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Linux kernel AppArmor confused deputy vulnerabilities CrackArmor security flaw

Vulnerability
First reported
Last updated
Happening score
H score 0
2 unique sources, 2 articles

Summary

Hide ▲

Researchers disclosed CrackArmor, nine confused deputy flaws in the Linux kernel's AppArmor module that can let unprivileged users bypass protections, gain root, and weaken container isolation. The issue is said to have existed since 2017 and affects Linux kernels since version 4.11 on AppArmor-enabled systems. Qualys is withholding PoC exploits while urging immediate kernel patching.

Related Happenings

Linux kernel improper privilege management flaw (CVE-2026-46333)

Vulnerability
First: 21.05.2026 10:35 Last: 21.05.2026 10:35 Sources 1

About this happening: A **Linux kernel** privilege-management flaw, **CVE-2026-46333**, can let **unprivileged local users** on **Debian, Fedora, and Ubuntu** disclose **/etc/shadow** and **SSH host ke...

Open Happening

Linux kernel RDS PinTheft local privilege escalation flaw (public PoC)

Vulnerability
First: 20.05.2026 13:52 Last: 20.05.2026 13:52 Sources 1

About this happening: **PinTheft** now has a **public PoC exploit**, turning a recently patched **Linux kernel RDS** flaw into a practical **local privilege escalation** risk for **Arch Linux** systems...

Open Happening

Linux kernel rxgk local DirtyDecrypt/DirtyCBC privilege-escalation flaw (CVE-2026-31635)

Vulnerability
First: 18.05.2026 10:18 Last: 18.05.2026 10:18 Sources 1

About this happening: A **proof-of-concept exploit** has been released for **DirtyDecrypt/DirtyCBC** (**CVE-2026-31635**), a **recently patched Linux kernel** flaw in **rxgk_decrypt_skb()** that can en...

Open Happening

Linux kernel XFRM ESP-in-TCP local privilege escalation (CVE-2026-46300)

Vulnerability
First: 14.05.2026 10:06 Last: 14.05.2026 10:06 Sources 1

About this happening: **Fragnesia** adds a fresh **Linux kernel** local privilege-escalation path, putting **unprivileged local attackers** on a route to **root access** across major distributions. The...

Latest development: 14.05.2026 16:00

Cloud security firm Wiz identified Fragnesia (CVE-2026-46300) in the Dirty Frag family, a Linux local privilege escalation that lets unprivileged local users gain root by corrupting the kernel page cache of read-only files. William Bowling of Zellic and the V12 team were credited with the discovery, and a working proof-of-concept exploit was published on May 13, 2026.

Open Happening

Berz0k advertises zero-day Linux LPE exploit for sale

Threat Actor Meta
First: 14.05.2026 10:06 Last: 14.05.2026 10:06 Sources 1

About this happening: **berz0k** is advertising a **zero-day Linux LPE exploit** for **$170,000** on **cybercrime forums**, signaling active monetization of root-level access in the exploit market. The...

Open Happening

Timeline

  1. 13.03.2026 10:18 3 articles · 2mo ago

    Qualys discloses CrackArmor AppArmor vulnerabilities

    Initial Disclosure

    Qualys Threat Research Unit disclosed nine confused deputy vulnerabilities in the Linux kernel's AppArmor module, collectively named CrackArmor, that can let unprivileged users bypass kernel protections, manipulate security profiles via pseudo-files, create fully capable user namespaces, escalate to root, trigger denial of service, and undermine container isolation. The flaws are said to have existed since 2017, affect Linux kernels since version 4.11 on AppArmor-enabled distributions, and have no assigned CVE identifiers; Qualys is withholding proof-of-concept exploits while urging immediate kernel patching.

    Show sources
    Open in new tab