apport can be stalled by reading a FIFO
Description
It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Local privilege escalation in Apport on Ubuntu 20.04/18.04 via crafted core dump files allowing arbitrary uid/gid injection and PID recycling.
Vulnerability
Multiple vulnerabilities were discovered in Apport on Ubuntu 20.04 and 18.04 default installations. The first issue (CVE-2021-25684) exists in the get_pid_info function, which reads /proc/[pid]/status to obtain the real UID and GID. By crashing a process with a file name containing a carriage return and the string Uid: 0 and Gid: 0 (e.g., a\rUid: 0\rGid: 0), an attacker can inject these values into the Name field of /proc/[pid]/status, causing Apport to read UID and GID as 0 and subsequently fail to drop privileges in the drop_privileges function [1]. The second issue involves a bypass of the get_process_starttime check: Apport compares the process start time from /proc/[pid]/stat to a stored value, but a filename containing a space can cause incorrect parsing, allowing PID recycling attacks [1]. The third issue allows delaying Apport's get_pid_info by 30 seconds, enabling PID reuse with a SUID process [1].
Exploitation
An unprivileged local attacker needs the ability to trigger a core dump with a controlled process name and to race Apport's PID-based checks. The attacker crafts a process whose command line includes carriage return characters to inject Uid: 0 and Gid: 0 into the /proc/[pid]/status file. By crashing this process, Apport reads the injected values, setting real_uid and real_gid to 0. Additionally, by exploiting the start time bypass using a space in the filename, the attacker can recycle a PID and reuse it for a SUID binary, further escalating privileges. Chaining these issues allows an unprivileged user to bypass Apport's privilege dropping and write a core dump as root [1].
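The two parsing flaws described in the Vulnerability and Exploitation sections, as an added example that is not Apport's own code: a permissive parser beside a strict one for /proc/[pid]/status and /proc/[pid]/stat. The sample contents, PID 4242 and all function names are constructed for illustration; the strict status parser assumes the kernel escapes \n inside the Name field, and the stat parser also handles a ')' in the process name, which goes beyond the space case in the text.

```python
import re

# Constructed /proc/[pid]/status content; the Name value is the example from the text.
STATUS = (b"Name:\ta\rUid: 0\rGid: 0\nUmask:\t0022\nState:\tS (sleeping)\n"
          b"Pid:\t4242\nUid:\t1000\t1000\t1000\t1000\nGid:\t1000\t1000\t1000\t1000\n")
# Constructed /proc/[pid]/stat content: comm holds a space and a ')', starttime is 987654.
STAT = b"4242 (x y) Z) S 1 4242 4242 0 -1 4194304 " + b"0 " * 12 + b"987654 0 0\n"

def ids_permissive(raw):
    """Treats \\r as a line break (as default text-mode reading does); first match wins."""
    uid = gid = None
    for line in raw.decode().splitlines():
        if uid is None and line.startswith("Uid:"):
            uid = int(line.split()[1])
        elif gid is None and line.startswith("Gid:"):
            gid = int(line.split()[1])
    return uid, gid

_ID_LINE = re.compile(rb"^(Uid|Gid):\t(\d+)\t\d+\t\d+\t\d+$")

def ids_strict(raw):
    """Splits on \\n only, requires the tab-separated four-value layout, rejects duplicates."""
    found = {}
    for line in raw.split(b"\n"):
        m = _ID_LINE.match(line)
        if m:
            key = m.group(1).decode()
            if key in found:
                raise ValueError("duplicate %s line" % key)
            found[key] = int(m.group(2))  # first value is the real id
    if set(found) != {"Uid", "Gid"}:
        raise ValueError("Uid/Gid lines missing or malformed")
    return found["Uid"], found["Gid"]

def starttime_permissive(raw):
    """Whitespace-splits the whole line, so a space in comm shifts every later field."""
    return int(raw.split()[21])

def starttime_strict(raw):
    """Parses only what follows the last ')', which closes comm (field 2)."""
    _, sep, tail = raw.rpartition(b")")
    if not sep:
        raise ValueError("comm field not found")
    return int(tail.split()[19])  # field 22 (starttime) is index 19 after comm

if __name__ == "__main__":
    print(ids_permissive(STATUS), ids_strict(STATUS))
    print(starttime_permissive(STAT), starttime_strict(STAT))
```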
Impact
Successful exploitation allows an unprivileged local attacker to achieve privilege escalation to root. The attacker can bypass Apport's security checks and write a crafted core dump file with root privileges, potentially leading to full system compromise [1].
Mitigation
The vulnerabilities are fixed in Apport versions 2.20.11-0ubuntu50 (Ubuntu 18.04 LTS) and 2.20.11-0ubuntu27.4 (Ubuntu 20.04 LTS), released on 2021-06-11. Users should update Apport to the patched versions. No workarounds are documented; updating is the recommended mitigation [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: 2.20.1
Patches
No patches discovered yet.
References
[1] bugs.launchpad.net/ubuntu/+source/apport/+bug/1912326 (mitre, x_refsource_MISC)