Ubuntu flags AppArmor LSM flaws in AWS FIPS kernels enabling profile tampering and local DoS
Published Mar 24, 2026, 8:11 PM UTC
Key entities
TLDR
Immediately identify workloads using AWS FIPS Linux kernels and apply the USN-8121-1 updates; monitor for AppArmor profile load/replace/remove events and consider limiting multi-tenant or file-sharing exposure until patched.
Why this matters
Scope of impact: Because the notice targets the AWS FIPS kernel build, images and appliances derived from AWS FIPS-optimized kernels likely inherit exposure until rebuilt with patched kernels (inference;
What changed
- Ubuntu issued USN-8121-1 for Linux kernel (AWS FIPS), citing AppArmor LSM vulnerabilities discovered by Qualys that allow unprivileged local attackers to load, replace, and remove arbitrary AppArmor profiles, leading to denial of service and possible exposure of sensitive information.
Topic context
Use this page when you need a tighter view of zero-days, ransomware, outage-linked cyber risk, and critical-infrastructure incidents without reading every advisory feed directly. Key angles: ransomware, zero-day, cve-, vulnerability.
Summary
Ubuntu’s USN-8121-1 discloses AppArmor LSM vulnerabilities in AWS FIPS Linux kernels, enabling unprivileged local attackers to load, replace, or remove arbitrary AppArmor profiles, potentially causing denial of service and sensitive information exposure. This elevates risk for AWS FIPS-optimized images and any appliances derived from them until patches are applied and validated.