DigiNews

Tech Watch by Johan Denoyer

← Back to articles

CrackArmor: Multiple vulnerabilities in AppArmor

Quality: 8/10 Relevance: 9/10

Summary

Qualys exposes a set of nine vulnerabilities in AppArmor, including a confused-deputy flaw that allows unprivileged users to load, replace, and remove profiles, enabling potential local privilege escalations to root. The advisory details both user-space and kernel-space vulnerabilities (recursion, out-of-bounds read, use-after-free, and double-free) with implications for Ubuntu, Debian, and SUSE systems, along with a timeline for disclosure and patch progress. While no CVEs are assigned yet, the findings underscore the need for prompt patching and mitigations across affected environments.

🚀 Service construit par Johan Denoyer