Apport Vulnerability Allows Arbitrary Socket Connections as Root
CVE-2022-1242

7.8HIGH

Key Information:

Vendor: Canonical Ltd.
Status: Apport
Vendor: CVE Published:; 3 June 2024

Summary

The vulnerability in Ubuntu's Apport allows a potential attacker to exploit unprivileged applications by tricking Apport into connecting to arbitrary sockets with root user privileges. This could lead to unauthorized access to sensitive data or system resources, as the vulnerability undermines the integrity of user permissions. Users of affected versions should apply the necessary security updates to mitigate the risks associated with this vulnerability, ensuring stronger protection against exploitation attempts.

Affected Version(s)

Apport Linux 0 < 2.21.0

References

https://ubuntu.com/security/notices/USN-5427-1

vendor-advisory

https://www.cve.org/CVERecord?id=CVE-2022-1242

issue-tracking

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 3, 2024
Vulnerability Reserved
Apr 5, 2022

Credit

Gerrit Venema