CVE-2025-5054

Summary

Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces.

When handling a crash, the function _check_global_pid_and_forward, which detects if the crashing process resided in a container, was being called before consistency_checks, which attempts to detect if the crashing process had been replaced. Because of this, if a process crashed and was quickly replaced with a containerized one, apport could be made to forward the core dump to the container, potentially leaking sensitive information. consistency_checks is now being called before _check_global_pid_and_forward. Additionally, given that the PID-reuse race condition cannot be reliably detected from userspace alone, crashes are only forwarded to containers if the kernel provided a pidfd, or if the crashing process was unprivileged (i.e., if dump mode == 1).

Affected Software

VendorProductVersion RangeStatus
CanonicalApport2.20.1 < 2.20.1-0ubuntu2.30+esm5affected
CanonicalApport2.20.9 < 2.20.9-0ubuntu7.29+esm1affected
CanonicalApport2.20.11 < 2.20.11-0ubuntu27.28affected
CanonicalApport2.20.11 < 2.20.11-0ubuntu82.7affected
CanonicalApport2.28.1 < 2.28.1-0ubuntu3.6affected
CanonicalApport2.30.0 < 2.30.0-0ubuntu4.3affected
CanonicalApport2.32.0 < 2.32.0-0ubuntu5.1affected
CanonicalApport2.32.0 < 2.33.0-0ubuntu1affected
CanonicalApport2.20 <= 2.32.0affected

Weaknesses

  • CWE-362: CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References