Apport reads PID files with elevated privileges
Description
Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through get_pid_info() in data/apport. Because a PID number can be reassigned as soon as the original process is reaped, an unprivileged user could exploit PID recycling to make Apport read information about a privileged running process. This information could then be used to obtain ASLR offsets for a process with an existing memory corruption vulnerability. The initial fix introduced regressions in the Python Apport library due to a missing argument in Report.add_proc_environ in apport/report.py. It also caused an autopkgtest failure when reading /proc/pid, and broke Python 2 compatibility in the code that reads /proc maps. The initial and subsequent regression fixes are in 2.20.11-0ubuntu16, 2.20.11-0ubuntu8.6, 2.20.9-0ubuntu7.12, 2.20.1-0ubuntu2.22 and 2.14.1-0ubuntu3.29+esm3.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Apport's privileged /proc/pid access can be exploited via PID recycling to leak ASLR offsets of privileged processes.
Vulnerability
Apport, Ubuntu's automatic crash report tool, reads and writes information on a crashed process to /proc/pid with elevated privileges. The vulnerability lies in the get_pid_info() function in data/apport, which determines the user of the crashed process by reading /proc/pid and trusts the PID number alone to identify that process. An unprivileged user can exploit PID recycling to have Apport read information about a privileged running process instead. Affected versions are those before the fixed package versions 2.20.11-0ubuntu16, 2.20.11-0ubuntu8.6, 2.20.9-0ubuntu7.12, 2.20.1-0ubuntu2.22, and 2.14.1-0ubuntu3.29+esm3.
Exploitation
An attacker needs local unprivileged access to the system. The attacker crashes a process of their own, so that Apport is started with that process's PID, and arranges for the crashed process to be reaped and its PID number reassigned to a privileged process before Apport performs its privileged reads of /proc/pid. Apport then reads the /proc entry of the privileged process rather than the crashed one. The attacker can obtain the contents of files such as /proc/pid/maps (the load addresses of the executable and its libraries, i.e. the ASLR layout) and /proc/pid/environ.
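The following is an added illustration, not Apport's own code or its fix. It shows the flawed pattern (trusting a bare PID and reading /proc/<pid> by number) next to one hardened pattern: opening /proc/<pid> as a directory once, recording the process start time from /proc/<pid>/stat (field 22), reading every file relative to that directory fd, and re-checking the identity after each read. The function and class names and the two sample stat lines are constructed for this example; the assumption that a held /proc/<pid> directory fd stops resolving files once the original process is reaped applies to Linux.

```python
# Added example (not Apport's code): a PID number is not a process identity.
# Names and the sample /proc/<pid>/stat lines are constructed for this page.
import os
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcIdentity:
    pid: int
    starttime: int  # /proc/<pid>/stat field 22: clock ticks since boot


def parse_stat_starttime(stat_line: str) -> int:
    """Return starttime (field 22) from a /proc/<pid>/stat line.

    comm (field 2) is parenthesised and may contain spaces or ')', so
    split after the LAST ')' and count from there: field 3 (state) is
    index 0, hence field 22 is index 19.
    """
    after_comm = stat_line[stat_line.rindex(")") + 1:].split()
    return int(after_comm[19])


def same_process(before: ProcIdentity, after: ProcIdentity) -> bool:
    """A recycled PID keeps the number but gets a new start time."""
    return before == after


# Constructed stat lines: the attacker's crashed process, then a privileged
# process that was later assigned the same PID number 4242.
CRASHED_STAT = ("4242 (evil) name) R 1 4242 4242 0 -1 4194560 120 0 0 0 3 1 "
                "0 0 20 0 1 0 123456 10240000 300")
RECYCLED_STAT = ("4242 (sshd) S 1 4242 4242 0 -1 4194624 2100 0 0 0 12 4 "
                 "0 0 20 0 1 0 987654 20480000 900")


def demo_recycling() -> bool:
    """True when the two lines are correctly recognised as different processes."""
    before = ProcIdentity(4242, parse_stat_starttime(CRASHED_STAT))
    after = ProcIdentity(4242, parse_stat_starttime(RECYCLED_STAT))
    return not same_process(before, after)


# --- vulnerable pattern: trust the number you were handed -----------------
def owner_uid_by_pid(pid: int) -> int:
    """Whoever owns /proc/<pid> *now*; nothing ties it to the crashed process."""
    return os.stat(f"/proc/{pid}").st_uid


def maps_by_pid(pid: int) -> str:
    """Reads the maps of whatever process currently has that PID number."""
    with open(f"/proc/{pid}/maps") as f:
        return f.read()


# --- hardened pattern: pin the /proc entry, verify identity around reads ---
class ProcHandle:
    """Open /proc/<pid> once, as early as possible, and read through that fd.

    Assumption (Linux): opens relative to this directory fd refer to the
    original process; once it is reaped they fail with ENOENT even if the
    PID number has been reused.
    """

    def __init__(self, pid: int):
        self.pid = pid
        self.dirfd = os.open(f"/proc/{pid}", os.O_RDONLY | os.O_DIRECTORY)
        self.identity = self._identity()

    def _read(self, name: str) -> str:
        fd = os.open(name, os.O_RDONLY, dir_fd=self.dirfd)
        with os.fdopen(fd) as f:
            return f.read()

    def _identity(self) -> ProcIdentity:
        return ProcIdentity(self.pid, parse_stat_starttime(self._read("stat")))

    def owner_uid(self) -> int:
        return os.fstat(self.dirfd).st_uid

    def read(self, name: str) -> str:
        data = self._read(name)
        # Re-verify after the read; if the identity changed, the data may
        # belong to another process, so discard it.
        if not same_process(self.identity, self._identity()):
            raise PermissionError(f"pid {self.pid} was recycled during read")
        return data

    def close(self) -> None:
        os.close(self.dirfd)


def self_check() -> str:
    """Run both patterns against this very process (Linux only)."""
    if not os.path.exists("/proc/self/stat"):
        return "skipped"
    handle = ProcHandle(os.getpid())
    try:
        maps = handle.read("maps")
        ok = (handle.owner_uid() == os.getuid() == owner_uid_by_pid(os.getpid())
              and bool(maps))
    finally:
        handle.close()
    return "ok" if ok else "mismatch"


if __name__ == "__main__":
    print("recycled PID detected:", demo_recycling())
    print("live check:", self_check())
```

The point of the handle is ordering: the directory fd must be taken before anything that can delay the handler (reading the core dump from stdin, taking a lock), because the recycling window opens the moment the crashed process is reaped. Comparing start times alone is weaker, since a read between two checks can still land on the recycled process; the directory fd closes that window because the kernel, not the handler, decides which process the fd refers to.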
Impact
Successful exploitation allows a local attacker to obtain the memory layout (ASLR offsets) of a privileged process. On its own this is an information disclosure; combined with a separate memory corruption vulnerability in that process, it removes the guesswork ASLR was meant to impose and makes exploitation for code execution reliable.
Mitigation
The vulnerability is fixed in Apport package versions 2.20.11-0ubuntu16, 2.20.11-0ubuntu8.6, 2.20.9-0ubuntu7.12, 2.20.1-0ubuntu2.22, and 2.14.1-0ubuntu3.29+esm3. Users should update to the patched versions. No workaround is available. The initial fix introduced regressions (a missing argument in Report.add_proc_environ and an autopkgtest failure) that were resolved in follow-up updates; the versions listed contain both the initial and the regression fixes.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: < fixed version per series (2.20.11-0ubuntu16, 2.20.11-0ubuntu8.6, 2.20.9-0ubuntu7.12, 2.20.1-0ubuntu2.22, 2.14.1-0ubuntu3.29+esm3)
- Range: 2.14.1
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html (MITRE)
- bugs.launchpad.net/apport/+bug/1854237 (MITRE)
- bugs.launchpad.net/ubuntu/+source/apport/+bug/1839795 (MITRE)
- bugs.launchpad.net/ubuntu/+source/apport/+bug/1850929 (MITRE)
- bugs.launchpad.net/ubuntu/+source/apport/+bug/1851806 (MITRE)
- usn.ubuntu.com/4171-1/ (MITRE)
- usn.ubuntu.com/4171-2/ (MITRE)
- usn.ubuntu.com/4171-3/ (MITRE)
- usn.ubuntu.com/4171-4/ (MITRE)
- usn.ubuntu.com/4171-5/ (MITRE)
News mentions
No linked articles in our index yet.