Qualys researchers disclosed nine privilege escalation vulnerabilities in Linux AppArmor, collectively named CrackArmor, affecting Linux kernel 4.11 and later across an estimated 12.6 million enterprise Linux instances including Ubuntu, Debian, and SUSE (per Qualys researcher disclosure). An unprivileged local user can exploit these flaws to gain root access, escape container isolation, and bypass kernel address randomization, undermining a foundational security control across containerized workloads and multi-tenant environments. Vendor patches are available as of March 2026; no CVE identifiers have been assigned, which blocks automated scanner detection and requires manual triage and patching.