Qualys researchers have identified nine vulnerabilities in AppArmour that, they say, could let an unprivileged local Linux user gain root access and weaken container isolation on affected systems.
Dubbed CrackArmour, the issues relate to how the Linux kernel handles AppArmour security profiles. Qualys characterised the underlying pattern as a “confused deputy” problem, in which a low-privilege user influences a trusted process to perform an action that would normally be blocked.
AppArmour is a Linux Security Module that enforces mandatory access control by applying profiles to applications. It is enabled by default on several major distributions, including Ubuntu, Debian, and SUSE, and is widely used in cloud and container environments for host hardening and…