Linux kernel AppArmor confused deputy vulnerabilities CrackArmor security flaw
Vulnerability
Summary
Hide ▲
Show ▼
Researchers disclosed CrackArmor, nine confused deputy flaws in the Linux kernel's AppArmor module that can let unprivileged users bypass protections, gain root, and weaken container isolation. The issue is said to have existed since 2017 and affects Linux kernels since version 4.11 on AppArmor-enabled systems. Qualys is withholding PoC exploits while urging immediate kernel patching.
Related Happenings
Linux kernel GhostLock root privilege escalation (CVE-2026-43499)
Vulnerability
H score28
First: 08.07.2026 09:16
Last: 08.07.2026 09:16
Sources 1
About this happening:
Researchers disclosed **GhostLock (CVE-2026-43499)**, a **Linux kernel** use-after-free that can let a **logged-in local user** gain **full root control** on unpatched systems. Th...
Linux kernel GhostLock root privilege escalation (CVE-2026-43499)
VulnerabilityAbout this happening: Researchers disclosed **GhostLock (CVE-2026-43499)**, a **Linux kernel** use-after-free that can let a **logged-in local user** gain **full root control** on unpatched systems. Th...
Linux kernel Bad Epoll use-after-free privilege-escalation flaw (CVE-2026-46242)
Vulnerability
H score23
First: 03.07.2026 22:40
Last: 03.07.2026 22:40
Sources 1
About this happening:
**Bad Epoll (CVE-2026-46242)** is a newly disclosed **Linux kernel** use-after-free flaw that can let an **unprivileged local user** gain **root** on affected systems. It affects...
Linux kernel Bad Epoll use-after-free privilege-escalation flaw (CVE-2026-46242)
VulnerabilityAbout this happening: **Bad Epoll (CVE-2026-46242)** is a newly disclosed **Linux kernel** use-after-free flaw that can let an **unprivileged local user** gain **root** on affected systems. It affects...
Linux kernel act_pedit out-of-bounds write security flaw (CVE-2026-46331)
Vulnerability
H score30
First: 26.06.2026 16:00
Last: 26.06.2026 16:00
Sources 1
About this happening:
A **Linux kernel** traffic-control flaw, **CVE-2026-46331**, lets a **local unprivileged user** gain **root** by abusing an **out-of-bounds write** in **act_pedit**. A **public wo...
Linux kernel act_pedit out-of-bounds write security flaw (CVE-2026-46331)
VulnerabilityAbout this happening: A **Linux kernel** traffic-control flaw, **CVE-2026-46331**, lets a **local unprivileged user** gain **root** by abusing an **out-of-bounds write** in **act_pedit**. A **public wo...
Linux kernel DirtyClone privilege escalation (CVE-2026-43503)
Vulnerability
H score29
First: 26.06.2026 14:51
Last: 26.06.2026 14:51
Sources 1
About this happening:
**CVE-2026-43503** in the **Linux kernel** gives a local user a path to **root** on affected systems, including **multi-tenant servers**, **CI runners**, **container hosts**, and...
Linux kernel DirtyClone privilege escalation (CVE-2026-43503)
VulnerabilityAbout this happening: **CVE-2026-43503** in the **Linux kernel** gives a local user a path to **root** on affected systems, including **multi-tenant servers**, **CI runners**, **container hosts**, and...
Linux kernel nf_tables use-after-free security flaw (CVE-2026-23111)
Vulnerability
H score24
First: 08.06.2026 23:17
Last: 08.06.2026 23:17
Sources 1
About this happening:
A **Linux kernel nf_tables** **use-after-free** in **CVE-2026-23111** is now publicly exploitable, putting systems at **local root** and **container-breakout** risk. **Upstream pa...
Linux kernel nf_tables use-after-free security flaw (CVE-2026-23111)
VulnerabilityAbout this happening: A **Linux kernel nf_tables** **use-after-free** in **CVE-2026-23111** is now publicly exploitable, putting systems at **local root** and **container-breakout** risk. **Upstream pa...
Timeline
-
13.03.2026 10:18 3 articles · 3mo ago
Qualys discloses CrackArmor AppArmor vulnerabilities
Initial DisclosureQualys Threat Research Unit disclosed nine confused deputy vulnerabilities in the Linux kernel's AppArmor module, collectively named CrackArmor, that can let unprivileged users bypass kernel protections, manipulate security profiles via pseudo-files, create fully capable user namespaces, escalate to root, trigger denial of service, and undermine container isolation. The flaws are said to have existed since 2017, affect Linux kernels since version 4.11 on AppArmor-enabled distributions, and have no assigned CVE identifiers; Qualys is withholding proof-of-concept exploits while urging immediate kernel patching.
Show sources
- Nine CrackArmor Flaws in Linux AppArmor Enable Root Escalation, Bypass Container Isolation — thehackernews.com — 13.03.2026 10:18
- Nine CrackArmor Flaws in Linux AppArmor Enable Root Escalation, Bypass Container Isolation — thehackernews.com — 13.03.2026 10:18
- CrackArmor Flaws Expose Linux Systems to Privilege Escalation — www.infosecurity-magazine.com — 16.03.2026 16:00