Apport Vulnerability Allows Arbitrary Socket Connections as Root
CVE-2022-1242

7.8HIGH

Key Information:

Status
Vendor
CVE Published:
3 June 2024

Summary

The vulnerability in Ubuntu's Apport allows a potential attacker to exploit unprivileged applications by tricking Apport into connecting to arbitrary sockets with root user privileges. This could lead to unauthorized access to sensitive data or system resources, as the vulnerability undermines the integrity of user permissions. Users of affected versions should apply the necessary security updates to mitigate the risks associated with this vulnerability, ensuring stronger protection against exploitation attempts.

Affected Version(s)

Apport Linux 0 < 2.21.0

References

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Gerrit Venema
.