Linux AppArmor CrackArmor Vulnerabilities: What Network Security Engineers Must Do Now
Nine critical vulnerabilities in Linux AppArmor — collectively dubbed “CrackArmor” by the Qualys Threat Research Unit — allow any unprivileged local user to escalate privileges to root, break container isolation, and crash entire systems. According to Qualys (2026), over 12.6 million enterprise Linux instances run with AppArmor enabled by default, and these flaws have existed since kernel v4.11, released in April 2017. If you run network infrastructure on Ubuntu, Debian, or SUSE — and statistically, many of your appliances do — this is a patch-now situation. ...