Qualys has performed a security audit on AppArmor and discovered several issues, covered in the following advisories:

https://ubuntu.com/security/vulnerabilities/crackarmor
https://cdn2.qualys.com/advisory/2026/03/10/crack-armor.txt

There is a local privilege escalation that can only be fully addressed by either updating your kernel or disabling AppArmor.

Patches have been merged into the mainline kernel:

8e135b8aee5a0 apparmor: fix race between freeing data and fs accessing it
a0b7091c4de45 apparmor: fix race on rawdata dereference
39440b137546a apparmor: fix differential encoding verification
6601e13e82841 apparmor: fix unprivileged local user can do privileged policy management
5df0c44e8f5f6 apparmor: Fix double free of ns_name in aa_replace_profiles()
d352873bbefa7 apparmor: fix missing bounds check on DEFAULT table in verify_dfa()
8756b68edae37 apparmor: fix side-effect bug in match_char() macro usage
306039414932c apparmor: fix: limit the number of levels of policy namespaces
ab09264660f9d apparmor: replace recursive profile removal with iterative approach
e38c55d9f834e apparmor: fix memory leak in verify_header
9063d7e2615f4 apparmor: validate DFA start states are in bounds in unpack_pdb

Backports have also been sent to the linux-distros security lists, and the patches are rolling out to the stable and long-term release trees. Many distros already have kernel updates available.

We would like to thank Qualys for the initial report and their detailed and tireless work on this, the Linux kernel security team, the linux-distros list for its support, and the distros and individuals who provided testing, review and feedback. Many people have worked tirelessly to fix, test, debug, and coordinate these updates to address these issues.
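To check a kernel tree or package changelog against the fix list above, the following added example (not part of the original announcement or of the AppArmor project) reports which listed fixes a block of `git log` or changelog text does not reference. It assumes backports keep the upstream subject line or cite the upstream commit id in the usual stable-tree forms; the function name, the sample log and the `security/apparmor` path filter in the usage comment are illustrative.

```python
import re
import sys

# Abbreviated mainline commit ids and subjects, copied from the announcement.
FIXES = {
    "8e135b8aee5a0": "apparmor: fix race between freeing data and fs accessing it",
    "a0b7091c4de45": "apparmor: fix race on rawdata dereference",
    "39440b137546a": "apparmor: fix differential encoding verification",
    "6601e13e82841": "apparmor: fix unprivileged local user can do privileged policy management",
    "5df0c44e8f5f6": "apparmor: Fix double free of ns_name in aa_replace_profiles()",
    "d352873bbefa7": "apparmor: fix missing bounds check on DEFAULT table in verify_dfa()",
    "8756b68edae37": "apparmor: fix side-effect bug in match_char() macro usage",
    "306039414932c": "apparmor: fix: limit the number of levels of policy namespaces",
    "ab09264660f9d": "apparmor: replace recursive profile removal with iterative approach",
    "e38c55d9f834e": "apparmor: fix memory leak in verify_header",
    "9063d7e2615f4": "apparmor: validate DFA start states are in bounds in unpack_pdb",
}
# Hex runs of 12-40 chars: the commit's own id, or the upstream id cited as
# "commit <sha> upstream.", "[ Upstream commit <sha> ]" or "(cherry picked from commit <sha>)".
HEX = re.compile(r"\b[0-9a-f]{12,40}\b")

# Constructed sample: two backports; ids are placeholders, the zero padding is not a real hash.
SAMPLE_LOG = f"""commit 1111111111111111111111111111111111111111
    apparmor: fix race between freeing data and fs accessing it

    commit 8e135b8aee5a0{'0' * 27} upstream.
commit 2222222222222222222222222222222222222222
    apparmor: fix race on rawdata dereference
"""

def missing_fixes(log_text):
    """Return {abbrev_id: subject} for listed fixes that log_text does not reference."""
    text = log_text.lower()
    ids = HEX.findall(text)
    lines = [ln.strip() for ln in text.splitlines()]
    missing = {}
    for abbrev, subject in FIXES.items():
        by_id = any(i.startswith(abbrev) or abbrev.startswith(i) for i in ids)
        by_subject = any(ln.endswith(subject.lower()) for ln in lines)
        if not (by_id or by_subject):
            missing[abbrev] = subject
    return missing

if __name__ == "__main__":
    # Usage (assumed invocation): git log <base>..HEAD -- security/apparmor | python3 check_fixes.py
    gaps = missing_fixes(sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LOG)
    for abbrev, subject in gaps.items():
        print(f"not found: {abbrev} {subject}")
    sys.exit(1 if gaps else 0)
```

A "not found" result only means the examined text does not mention that fix; confirm the status of a distro kernel against the vendor's own advisory.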
