Description: In all versions of AppArmor mount rules are accidentally widened when compiled.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 929990

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package   Release       Version     Status
apparmor (PTS)   buster        2.13.2-10   vulnerable
                 trixie, sid   3.0.12-1    fixed

The information below is based on the following data on fixed versions.

Package   Type   Release   Fixed Version   Urgency   Origin   Debian Bugs

Introduced around AppArmor 2.8 upstream.
Mount rules support is enabled in Debian, but the impact of the issue is
limited to 1. lxc (not a regression, as Debian never confined LXC with AppArmor
by default before buster, in particular not with mount rules), 2. libvirtd,
but the profile is not meant to be a strong security boundary.
Fixed by: (v3.0.10)
Negligible security impact / known limitation
