CVE-2025-5054 Affecting apport package, versions <2.20.9-0ubuntu7.29+esm1
Threat Intelligence
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-UBUNTU1804-APPORT-10292680
- published3 Jun 2025
- disclosed30 May 2025
Introduced: 30 May 2025
NewCVE-2025-5054 (opens in a new tab)How to fix?
Upgrade Ubuntu:18.04 apport to version 2.20.9-0ubuntu7.29+esm1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream apport package and not the apport package as distributed by Ubuntu.
See How to fix? for Ubuntu:18.04 relevant fixed versions and status.
Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces.
When handling a crash, the function _check_global_pid_and_forward, which detects if the crashing process resided in a container, was being called before consistency_checks, which attempts to detect if the crashing process had been replaced. Because of this, if a process crashed and was quickly replaced with a containerized one, apport could be made to forward the core dump to the container, potentially leaking sensitive information. consistency_checks is now being called before _check_global_pid_and_forward. Additionally, given that the PID-reuse race condition cannot be reliably detected from userspace alone, crashes are only forwarded to containers if the kernel provided a pidfd, or if the crashing process was unprivileged (i.e., if dump mode == 1).