Find notable cyber news and cases, enriched with sources, timelines, and signals.

Linux kernel AppArmor confused deputy vulnerabilities CrackArmor security flaw

Vulnerability
First reported
Last updated
Happening score
H score 56
2 unique sources, 2 articles

Summary

Hide ▲

Researchers disclosed CrackArmor, nine confused deputy flaws in the Linux kernel's AppArmor module that can let unprivileged users bypass protections, gain root, and weaken container isolation. The issue is said to have existed since 2017 and affects Linux kernels since version 4.11 on AppArmor-enabled systems. Qualys is withholding PoC exploits while urging immediate kernel patching.

Related Happenings

Linux kernel GhostLock root privilege escalation (CVE-2026-43499)

Vulnerability
H score28 First: 08.07.2026 09:16 Last: 08.07.2026 09:16 Sources 1

About this happening: Researchers disclosed **GhostLock (CVE-2026-43499)**, a **Linux kernel** use-after-free that can let a **logged-in local user** gain **full root control** on unpatched systems. Th...

Linux kernel Bad Epoll use-after-free privilege-escalation flaw (CVE-2026-46242)

Vulnerability
H score23 First: 03.07.2026 22:40 Last: 03.07.2026 22:40 Sources 1

About this happening: **Bad Epoll (CVE-2026-46242)** is a newly disclosed **Linux kernel** use-after-free flaw that can let an **unprivileged local user** gain **root** on affected systems. It affects...

Linux kernel act_pedit out-of-bounds write security flaw (CVE-2026-46331)

Vulnerability
H score30 First: 26.06.2026 16:00 Last: 26.06.2026 16:00 Sources 1

About this happening: A **Linux kernel** traffic-control flaw, **CVE-2026-46331**, lets a **local unprivileged user** gain **root** by abusing an **out-of-bounds write** in **act_pedit**. A **public wo...

Linux kernel DirtyClone privilege escalation (CVE-2026-43503)

Vulnerability
H score29 First: 26.06.2026 14:51 Last: 26.06.2026 14:51 Sources 1

About this happening: **CVE-2026-43503** in the **Linux kernel** gives a local user a path to **root** on affected systems, including **multi-tenant servers**, **CI runners**, **container hosts**, and...

Linux kernel nf_tables use-after-free security flaw (CVE-2026-23111)

Vulnerability
H score24 First: 08.06.2026 23:17 Last: 08.06.2026 23:17 Sources 1

About this happening: A **Linux kernel nf_tables** **use-after-free** in **CVE-2026-23111** is now publicly exploitable, putting systems at **local root** and **container-breakout** risk. **Upstream pa...

Timeline

  1. 13.03.2026 10:18 3 articles · 3mo ago

    Qualys discloses CrackArmor AppArmor vulnerabilities

    Initial Disclosure

    Qualys Threat Research Unit disclosed nine confused deputy vulnerabilities in the Linux kernel's AppArmor module, collectively named CrackArmor, that can let unprivileged users bypass kernel protections, manipulate security profiles via pseudo-files, create fully capable user namespaces, escalate to root, trigger denial of service, and undermine container isolation. The flaws are said to have existed since 2017, affect Linux kernels since version 4.11 on AppArmor-enabled distributions, and have no assigned CVE identifiers; Qualys is withholding proof-of-concept exploits while urging immediate kernel patching.

    Show sources