Log Overflow Vulnerability in Ubuntu's Apport Logging System
CVE-2022-28654

5.5MEDIUM

Key Information:

Vendor: Canonical Ltd.
Status: Apport
Vendor: CVE Published:; 4 June 2024

Summary

The vulnerability in Ubuntu's Apport logging system arises from the function is_closing_session(), which permits users to manipulate and fill up the apport.log file. Excessive logging can potentially lead to system performance degradation or outright denial of service. Users are advised to monitor and manage their logging configurations to mitigate the impacts of this issue. For more information, refer to the vendor's advisory.

Affected Version(s)

Apport Linux 0 < 2.21.0

References

https://ubuntu.com/security/notices/USN-5427-1

vendor-advisory

https://www.cve.org/CVERecord?id=CVE-2022-28654

issue-tracking

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 4, 2024

Credit

Gerrit Venema