CVE-2025-5054

Race Condition in Canonical Apport

Severity Score

4.7

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a container, was being called before `consistency_checks`, which attempts to detect if the crashing process had been replaced. Because of this, if a process crashed and was quickly replaced with a containerized one, apport could be made to forward the core dump to the container, potentially leaking sensitive information. `consistency_checks` is now being called before `_check_global_pid_and_forward`. Additionally, given that the PID-reuse race condition cannot be reliably detected from userspace alone, crashes are only forwarded to containers if the kernel provided a pidfd, or if the crashing process was unprivileged (i.e., if dump mode == 1).

Qualys discovered a vulnerability in apport (Ubuntu's core-dump handler), and a similar vulnerability in systemd-coredump (which is the default core-dump handler on Red Hat Enterprise Linux 9 and Fedora for example): a race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump (by quickly replacing the crashed SUID process with another process, before its /proc/pid/ files are analyzed by the vulnerable core-dump handler). This is older research from 2025 that was missing from the archive.

*Credits: Qualys Threat Research Unit (TRU)

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Local

Attack Complexity

High

Authentication

Single

Confidentiality

Complete

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

Poc

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2025-05-21 CVE Reserved
2025-05-30 CVE Published
2025-06-09 First Exploit
2025-11-03 CVE Updated
2026-04-08 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CAPEC

CAPEC-26: Leveraging Race Conditions

References (5)

URL	Tag	Source
https://ubuntu.com/security/CVE-2025-5054	Vdb Entry
https://www.qualys.com/2025/05/29/apport-coredump/apport-coredump.txt	Third Party Advisory

URL	Date	SRC
https://packetstorm.news/files/id/215332	2026-02-11
https://github.com/daryllundy/cve-2025-5054	2025-06-09

URL	Date	SRC

URL	Date	SRC
https://ubuntu.com/security/notices/USN-7545-1	2025-05-30

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Canonical Search vendor "Canonical"		Apport Search vendor "Canonical" for product "Apport"				>= 2.20.0 <= 2.32.0 Search vendor "Canonical" for product "Apport" and version " >= 2.20.0 <= 2.32.0"		en		Affected