AppArmor CrackArmor mitigation guidance
Advisory/Mitigation
Summary
Hide ▲
Show ▼
Qualys issued urgent mitigation guidance for CrackArmor, telling organizations to update Linux kernel packages immediately to reduce risk from the AppArmor flaws. The advisory matters because the issue can enable root access, protections bypass, and service outages across millions of Linux systems. Defenders were also told to scan for vulnerable hosts and watch AppArmor profile directories for tampering.
Related Happenings
Linux kernel GhostLock root privilege escalation (CVE-2026-43499)
Vulnerability
H score28
First: 08.07.2026 09:16
Last: 08.07.2026 09:16
Sources 1
About this happening:
Researchers disclosed **GhostLock (CVE-2026-43499)**, a **Linux kernel** use-after-free that can let a **logged-in local user** gain **full root control** on unpatched systems. Th...
Linux kernel GhostLock root privilege escalation (CVE-2026-43499)
VulnerabilityAbout this happening: Researchers disclosed **GhostLock (CVE-2026-43499)**, a **Linux kernel** use-after-free that can let a **logged-in local user** gain **full root control** on unpatched systems. Th...
Linux kernel act_pedit out-of-bounds write security flaw (CVE-2026-46331)
Vulnerability
H score30
First: 26.06.2026 16:00
Last: 26.06.2026 16:00
Sources 1
About this happening:
A **Linux kernel** traffic-control flaw, **CVE-2026-46331**, lets a **local unprivileged user** gain **root** by abusing an **out-of-bounds write** in **act_pedit**. A **public wo...
Linux kernel act_pedit out-of-bounds write security flaw (CVE-2026-46331)
VulnerabilityAbout this happening: A **Linux kernel** traffic-control flaw, **CVE-2026-46331**, lets a **local unprivileged user** gain **root** by abusing an **out-of-bounds write** in **act_pedit**. A **public wo...
Linux kernel DirtyClone privilege escalation (CVE-2026-43503)
Vulnerability
H score29
First: 26.06.2026 14:51
Last: 26.06.2026 14:51
Sources 1
About this happening:
**CVE-2026-43503** in the **Linux kernel** gives a local user a path to **root** on affected systems, including **multi-tenant servers**, **CI runners**, **container hosts**, and...
Linux kernel DirtyClone privilege escalation (CVE-2026-43503)
VulnerabilityAbout this happening: **CVE-2026-43503** in the **Linux kernel** gives a local user a path to **root** on affected systems, including **multi-tenant servers**, **CI runners**, **container hosts**, and...
Linux kernel CIFS subsystem CIFSwitch local privilege escalation privilege-escalation flaw
Vulnerability
H score31
First: 30.05.2026 17:16
Last: 30.05.2026 17:16
Sources 1
About this happening:
The **Linux kernel CIFS subsystem** has a disclosed **CIFSwitch** local privilege-escalation flaw that can let an **unprivileged local attacker** reach **root privileges** by abus...
Linux kernel CIFS subsystem CIFSwitch local privilege escalation privilege-escalation flaw
VulnerabilityAbout this happening: The **Linux kernel CIFS subsystem** has a disclosed **CIFSwitch** local privilege-escalation flaw that can let an **unprivileged local attacker** reach **root privileges** by abus...
Latest development: 01.06.2026 14:19
Major Linux distributions rolled out fixes for the CIFSwitch Linux kernel CIFS privilege-escalation flaw, and Manizada published PoC code to help defenders validate patches, mitigations, detections, and exposure. Linux Mint, CentOS, Rocky Linux, Kali Linux, AlmaLinux, and SLES SAP systems that ship cifs-utils by default are vulnerable, and some distros are vulnerable only if cifs-utils was manually installed.
Linux kernel RDS PinTheft local privilege escalation flaw (public PoC)
Vulnerability
H score15
First: 20.05.2026 13:52
Last: 20.05.2026 13:52
Sources 1
About this happening:
**PinTheft** now has a **public PoC exploit**, turning a recently patched **Linux kernel RDS** flaw into a practical **local privilege escalation** risk for **Arch Linux** systems...
Linux kernel RDS PinTheft local privilege escalation flaw (public PoC)
VulnerabilityAbout this happening: **PinTheft** now has a **public PoC exploit**, turning a recently patched **Linux kernel RDS** flaw into a practical **local privilege escalation** risk for **Arch Linux** systems...
Timeline
-
16.03.2026 16:00 2 articles · 3mo ago
CrackArmor disclosure and urgent kernel patching
Mitigation Patch UpdateQualys disclosed CrackArmor, a set of nine AppArmor vulnerabilities in the Linux kernel, and warned that an unprivileged local attacker on AppArmor-enabled systems could gain root access, bypass protections, crash systems, or disrupt services. Qualys urged organizations to apply vendor kernel updates immediately, scan for vulnerable hosts, and monitor AppArmor profile directories for suspicious modifications.
Show sources
- CrackArmor Flaws Expose Linux Systems to Privilege Escalation — www.infosecurity-magazine.com — 16.03.2026 16:00
- CrackArmor Flaws Expose Linux Systems to Privilege Escalation — www.infosecurity-magazine.com — 16.03.2026 16:00