CVE-2026-54228

Summary

A time-of-check time-of-use (TOCTOU) race condition was found in the abrt-dbus D-Bus service's SetElement method. Between dump directory creation and post-create event execution, any local user can call SetElement to write arbitrary text files into the root-owned dump directory, bypassing package validation and allowing crashes of unpackaged binaries to survive post-create processing.

Affected Software

VendorProductVersion RangeStatus

Weaknesses

  • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition

Workarounds

The following practices would help for avoiding exposure and mitigate this flaw:

  • Disable or remove ABRT if it is not required. On RHEL 8 systems where ABRT is installed, it can be disabled with: systemctl disable –now abrtd.service abrt-journal-core.service abrt-oops.service abrt-xorg.service
  • On Fedora systems, consider using systemd-coredump instead of ABRT for crash handling, as ABRT is being phased out in favor of systemd-coredump
  • Restrict local user access to systems running ABRT, as this vulnerability requires local access

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

abrt: TOCTOU race condition in abrt-dbus SetElement allows arbitrary file writes to dump directories

Additional References

References