Skip to main content

Ubuntu Linux CVE-2025-5054

MEDIUM
Race Condition (CWE-362)
2025-05-30 security@ubuntu.com
Denial Of Service Race Condition Canonical Ubuntu Linux Apport
4.7
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

3
Analysis Generated
Mar 28, 2026 - 18:44 vuln.today
PoC Detected
Nov 03, 2025 - 20:19 vuln.today
Public exploit code
CVE Published
May 30, 2025 - 18:15 nvd
MEDIUM 4.7

DescriptionNVD

Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces.

When handling a crash, the function _check_global_pid_and_forward, which detects if the crashing process resided in a container, was being called before consistency_checks, which attempts to detect if the crashing process had been replaced. Because of this, if a process crashed and was quickly replaced with a containerized one, apport could be made to forward the core dump to the container, potentially leaking sensitive information. consistency_checks is now being called before _check_global_pid_and_forward. Additionally, given that the PID-reuse race condition cannot be reliably detected from userspace alone, crashes are only forwarded to containers if the kernel provided a pidfd, or if the crashing process was unprivileged (i.e., if dump mode == 1).

AnalysisAI

Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-362. Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. When handling a crash, the function _check_global_pid_and_forward, which detects if the crashing process resided in a container, was being called before consistency_checks, which attempts to detect if the crashing process had been replaced. Because of this, if a process crashed and was quickly replaced with a containerized one, apport could be made to forward the core dump to the container, potentially leaking sensitive information. consistency_checks is now being called before _check_global_pid_and_forward. Additionally, given that the PID-reuse race condition cannot be reliably detected from userspace alone, crashes are only forwarded to containers if the kernel provided a pidfd, or if the crashing process was unprivileged (i.e., if dump mode == 1). Affected products include: Canonical Apport, Canonical Ubuntu Linux.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More from same product – last 7 days

CVE-2026-49238 HIGH
8.4 May 28

Virtual machine escape in Canonical Multipass before 1.16.3 allows a root user inside a guest VM to read arbitrary files
CVE-2026-49237 HIGH
7.8 May 28

Local privilege escalation in Canonical Multipass for macOS before 1.16.3 allows a low-privileged local user to obtain r
CVE-2026-42790 HIGH
7.6 May 27

TLS server impersonation in Erlang/OTP's public_key library lets a name-constrained subordinate CA forge a trusted ident
CVE-2026-42462 HIGH
7.0 May 26

Here is the multi-source synthesis for CVE-2026-42462: ```json { "product_name": "Fedify", "summary": "Linked Data

CVE-2026-47674 MEDIUM
5.3 May 28

IP restriction bypass in Hono's ip-restriction middleware (hono/ip-restriction) prior to version 4.12.21 allows unauthen

Share

CVE-2025-5054 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy