CVE-2025-5054
Published: May 30, 2025
Modified: Nov 3, 2025
CVSS v3.1
4.7
Description
Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a container, was being called before `consistency_checks`, which attempts to detect if the crashing process had been replaced. Because of this, if a process crashed and was quickly replaced with a containerized one, apport could be made to forward the core dump to the container, potentially leaking sensitive information. `consistency_checks` is now being called before `_check_global_pid_and_forward`. Additionally, given that the PID-reuse race condition cannot be reliably detected from userspace alone, crashes are only forwarded to containers if the kernel provided a pidfd, or if the crashing process was unprivileged (i.e., if dump mode == 1).
| Vendor | Product | Versions |
|---|---|---|
Canonical | Apport | affected 2.20.1 - < 2.20.1-0ubuntu2.30+esm5affected 2.20.9 - < 2.20.9-0ubuntu7.29+esm1affected 2.20.11 - < 2.20.11-0ubuntu27.28affected 2.20.11 - < 2.20.11-0ubuntu82.7affected 2.28.1 - < 2.28.1-0ubuntu3.6+4 more versions |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now