Overview
- Nine confused-deputy vulnerabilities in AppArmor let unprivileged users manipulate security profiles via pseudo-files and execute code in the kernel.
- The weaknesses date to 2017 and affect Linux kernels from 4.11 across distributions that enable AppArmor by default, including Ubuntu, Debian and SUSE.
- Researchers say user-namespace restrictions can be bypassed to achieve local privilege escalation to root and to break container isolation.
- Qualys also details denial-of-service via stack exhaustion and KASLR disclosure through out-of-bounds reads, increasing the risk of exploit chains.
- No CVE identifiers have been assigned, and administrators are advised to deploy vendor kernel fixes as they become available to protect an estimated 12.6 million enterprise systems.
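
An added triage example, not code from Qualys or any vendor: a POSIX shell check for whether a host falls in the affected range stated above (kernel 4.11 or later with AppArmor enabled). The function names and the optional sysfs-root argument are assumptions made for illustration, and the check cannot tell whether a vendor kernel fix is already installed.

```sh
#!/bin/sh
# Added example: flags hosts inside the affected range the overview states.
# "in-range" means "needs the vendor kernel fix verified", not "unpatched".

# kernel_at_least_4_11 RELEASE
# Returns 0 if RELEASE (e.g. "5.15.0-91-generic") is 4.11 or newer,
# 1 if it is older, 2 if the string cannot be parsed.
kernel_at_least_4_11() {
    local major rest minor
    case "$1" in *.*) ;; *) return 2 ;; esac
    major=${1%%.*}                 # text before the first dot
    rest=${1#*.}                   # text after the first dot
    minor=${rest%%[!0-9]*}         # leading digits of the second field
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    [ -n "$minor" ] || return 2
    if [ "$major" -gt 4 ]; then return 0; fi
    if [ "$major" -eq 4 ] && [ "$minor" -ge 11 ]; then return 0; fi
    return 1
}

# apparmor_enabled [SYSROOT]
# Returns 0 if the AppArmor module reports itself enabled. SYSROOT is a
# hypothetical parameter so the check can run against a constructed tree.
apparmor_enabled() {
    local f="${1:-}/sys/module/apparmor/parameters/enabled"
    [ -r "$f" ] && [ "$(cat "$f")" = "Y" ]
}

# exposure RELEASE [SYSROOT]
# Prints in-range, not-in-range, or unknown (unparseable kernel release).
exposure() {
    local rc=0
    kernel_at_least_4_11 "$1" || rc=$?
    if [ "$rc" -eq 2 ]; then
        echo unknown
    elif [ "$rc" -eq 0 ] && apparmor_enabled "${2:-}"; then
        echo in-range
    else
        echo not-in-range
    fi
}

# Report for the local host.
echo "$(uname -r): $(exposure "$(uname -r)")"
```

Hosts reported as in-range still need their installed kernel package compared against the distribution's advisory once fixes ship.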