This article is our current position statement on recent CVE reports around the AppArmor security module.
Applies to: All SNS EVO Storage Systems
Risk Level: None / Not Applicable
Overview: In March 2026, a suite of nine vulnerabilities (collectively known as "CrackArmor") was disclosed affecting the Linux AppArmor Mandatory Access Control (MAC) system. These include CVE-2026-23268, CVE-2026-23269, and several as-yet-unassigned flaws related to kernel memory corruption and stack exhaustion.
EVO uses a custom-hardened Linux kernel. While the Linux kernel supports AppArmor, EVO does not initialize or use the AppArmor Security Module.
CVE-2026-23268 (Privilege Escalation): NOT AFFECTED.
CVE-2026-23269 (Memory Corruption): NOT AFFECTED.
Customer Action: No action is required. Because the vulnerable code paths are never initialized in the EVO runtime environment, the system remains secure against these specific exploits.