CVE-2025-5054

CWE-362Race ConditionCWE-3319 documents8 sources
Severity
4.7MEDIUM
EPSS
0.0%
top 91.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Canonical ApportCanonical Ubuntu Linux
Timeline
PublishedMay 30
Latest updateAug 6

Description

Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a container, was being called before `consistency_checks`, which attempts to detect if the crashing process had been replaced. Because of this, if a process crashed and was quickly replaced with a containerized one, apport c

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.0 | Impact: 3.6

Affected Packages3 packages

CVEListV5canonical/apport2.20.12.20.1-0ubuntu2.30+esm5+8
NVDcanonical/apport2.32.0
Ubuntuapport< 2.20.11-0ubuntu27.28+4

Also affects: Ubuntu Linux 16.04, 18.04, 20.04, 22.04, 24.04, 24.10, 25.04

🔴Vulnerability Details

4
GHSA
The Thinbus Javascript Secure Remote Password (SRP) Client Generates Fewer Bits of Entropy Than Intended2025-08-06
CVEList
Race Condition in Canonical Apport2025-05-30
GHSA
GHSA-4c8w-67qj-c8vp: Race condition in Canonical apport up to and including 22025-05-30
OSV
CVE-2025-5054: Race condition in Canonical apport up to and including 22025-05-29

📋Vendor Advisories

1
Ubuntu
Apport vulnerability2025-05-29

🕵️Threat Intelligence

3
Schneier
New Linux Vulnerabilities2025-06-03
Qualys
Qualys TRU Discovers Two Local Information Disclosure Vulnerabilities in Apport and systemd-coredump: CVE-2025-5054 and CVE-2025-4598 | Qualys2025-05-29
Qualys
Qualys TRU Discovers Two Local Information Disclosure Vulnerabilities in Apport and systemd-coredump: CVE-2025-5054 and CVE-2025-45982025-05-29
CVE-2025-5054 (MEDIUM CVSS 4.7) | Race condition in Canonical apport | cvebase.io