‘CrackArmor’ Exposes Nine Vulnerabilities in Linux AppArmor

The Qualys Threat Research Unit (TRU) has identified nine vulnerabilities in AppArmor, a Linux Security Module.

The vulnerability has been present since 2017 (version v4.11). AppArmor is the default mandatory access control system for Ubuntu, Debian, SUSE, and several cloud platforms. Its presence in all these systems and its use in all these platforms make the threat landscape much wider.

This vulnerability, disclosed in the “CrackArmor” advisory, is a confused deputy vulnerability. It allows unprivileged users to manipulate security profiles via pseudo-files and to execute arbitrary kernel code.

These weaknesses, in turn, lead to local privilege escalation to the root account through intricate interactions with tools like Sudo and Postfix, as well as denial-of-service via stack exhaustion and a Kernel Address Space Layout Randomization bypass via out-of-bounds reads.

In essence, the above discoveries reveal the shortcomings in our dependency on default security assumptions, which essentially undermine the confidentiality, integrity ...