Debian DSA-6162-1 reports Linux kernel vulnerabilities affecting privilege escalation, denial of service, or information disclosure, including AppArmor issues. For Debian Trixie, the advisory says the fixes are in 6.12.74-2; operators should verify package state and plan a reboot where the running kernel remains old.
What does DSA-6162-1 actually say?
The advisory is dated March 12, 2026 and names multiple CVEs. It attributes several AppArmor vulnerabilities to Qualys research and recommends upgrading the Linux packages. The Debian Security Tracker remains the place to check detailed status.
An advisory describes a package and release state; it does not prove that a particular host is exploitable or that a running service is reachable from the internet.
What should Trixie operators verify?
- The host is actually running Debian Trixie.
- The installed
linuxpackages meet the fixed version stated by Debian. - The running kernel matches the intended package after maintenance.
- AppArmor is enabled and the expected profiles are loaded, where applicable.
- Provider console or other recovery access exists before a reboot.
Treat package installation and activation as separate checkpoints. A new kernel package does not replace the running kernel until the system boots into it.
What is the operational response?
Prioritize the update according to exposure, privilege boundaries, and recovery readiness. Schedule the reboot deliberately, record the maintenance window, and verify service health afterward. If a host cannot be safely rebooted, document that exception rather than treating “installed” as “active.”
For the broader update workflow, see Debian package and reboot triage.