AppArmor

CVEs related to bugs in AppArmor

Open bugs

Bug	CVE(s)
Bug #1383886: disable sha-1 hashing for policy for Ubuntu Touch	CVE-2014-8134
AppArmor	In progress, assigned to John Johansen
Bug #1496430: Docker-1.8.2 can't create container, due to apparmor denying 'disconnected path'	CVE-2015-2925 CVE-2015-5156 CVE-2015-5257 CVE-2015-6937 CVE-2015-7312
AppArmor	In progress, assigned to John Johansen
Bug #1648903: Permission denied and inconsistent behavior in complain mode with 'ip netns list' command	CVE-2017-5986 CVE-2017-6353
AppArmor	In progress, assigned to John Johansen
Bug #1656121: unexpected errno=13 and disconnected path when trying to open /proc/1/ns/mnt from a unshared mount namespace	CVE-2017-5986 CVE-2017-6353 CVE-2017-7184
AppArmor	Confirmed (unassigned)
Bug #1658219: flock not mediated by 'k'	CVE-2017-7184
AppArmor	In progress, assigned to John Johansen
Bug #1677959: change_profile incorrect when using namespaces with a compound stack	CVE-2017-7308
AppArmor	New (unassigned)
Bug #1780534: Default usr.lib.ipsec.stroke profile causes segfault for 'ipsec status'	CVE-2018-16151 CVE-2018-16152 CVE-2018-17540
AppArmor	New (unassigned)

Resolved bugs

Bug	CVE(s)
Bug #789409: /proc/[PID]/attr/current overwrite Null pointer dereference	CVE-2011-0716 CVE-2011-1162 CVE-2011-1576 CVE-2011-1759 CVE-2011-1927 CVE-2011-2182 CVE-2011-2203 CVE-2011-2498 CVE-2011-2518 CVE-2011-3353 CVE-2011-3619 CVE-2011-4110 CVE-2011-4622 CVE-2012-0038 CVE-2012-0044
AppArmor	Fix released, assigned to Kees Cook
Bug #1236455: Running tasks are not subject to reloaded policies	CVE-2013-2929
AppArmor	Fix released (unassigned)
Bug #1590561: webbrowser-app crashes on startup on fresh zesty Unity8: No suitable EGL configs found	CVE-2017-6507
AppArmor	Fix released, assigned to Olivier Tilloy
Bug #1597017: mount rules grant excessive permissions	CVE-2016-1585
AppArmor	Fix released (unassigned)
Bug #1634753: srcname from mount rule corrupted under load	CVE-2016-5195 CVE-2016-7425 CVE-2016-8658
AppArmor	Invalid by John Johansen
Bug #1668892: CVE-2017-6507: apparmor service restarts and package upgrades unload privately managed profiles	CVE-2017-6507
AppArmor	Fix released, assigned to juan serven
Bug #1824812: apparmor does not start in Disco LXD containers	CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-3620 CVE-2018-3639 CVE-2018-3646 CVE-2019-11683 CVE-2019-1999 CVE-2019-3874 CVE-2019-3882 CVE-2019-3887 CVE-2019-9500 CVE-2019-9503
AppArmor	Fix released (unassigned)
Bug #2016908: udev fails to make prctl() syscall with apparmor=0 (as used by maas by default)	CVE-2023-1380 CVE-2023-2612 CVE-2023-30456 CVE-2023-31436 CVE-2023-32233
AppArmor	Fix released (unassigned)