CVE Alert: CVE-2025-5054
Vulnerability Summary: CVE-2025-5054
Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a container, was being called before `consistency_checks`, which attempts to detect if the crashing process had been replaced. Because of this, if a process crashed and was quickly replaced with a containerized one, apport could be made to forward the core dump to the container, potentially leaking sensitive information. `consistency_checks` is now being called before `_check_global_pid_and_forward`. Additionally, given that the PID-reuse race condition cannot be reliably detected from userspace alone, crashes are only forwarded to containers if the kernel provided a pidfd, or if the crashing process was unprivileged (i.e., if dump mode == 1).
Affected Endpoints:
No affected endpoints listed.
Published Date:
5/30/2025, 6:15:32 PM
⚠️ CVSS Score:
Exploit Status:
Not ExploitedReferences:
- https://ubuntu.com/security/CVE-2025-5054
- https://ubuntu.com/security/notices/USN-7545-1
- https://www.qualys.com/2025/05/29/apport-coredump/apport-coredump.txt
Recommended Action:
No proposed action available. Please refer to vendor documentation for updates.
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
