apport improperly parses /proc/pid/status
CVE-2021-25682

8.8HIGH

Key Information:

Vendor
Canonical
Status
Apport
Vendor
CVE Published:
11 June 2021

Summary

It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel.

Affected Version(s)

apport 2.20.1 < 2.20.1-0ubuntu2.30

apport 2.20.9 < 2.20.9-0ubuntu7.23

apport 2.20.11-0ubuntu27 < 2.20.11-0ubuntu27.16

References

https://bugs.launchpad.net/ubuntu/+source/apport/+bug/191...
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Itai Greenhut
.