{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-09T04:58:48.301","vulnerabilities":[{"cve":{"id":"CVE-2025-5054","sourceIdentifier":"security@ubuntu.com","published":"2025-05-30T18:15:32.670","lastModified":"2025-11-03T20:19:15.727","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces.\n\n\n\n\nWhen handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a container, was being called before `consistency_checks`, which attempts to detect if the crashing process had been replaced. Because of this, if a process crashed and was quickly replaced with a containerized one, apport could be made to forward the core dump to the container, potentially leaking sensitive information. `consistency_checks` is now being called before `_check_global_pid_and_forward`. Additionally, given that the PID-reuse race condition cannot be reliably detected from userspace alone, crashes are only forwarded to containers if the kernel provided a pidfd, or if the crashing process was unprivileged (i.e., if dump mode == 1)."},{"lang":"es","value":"La condición de ejecución en Canonical Apport (hasta la versión 2.32.0 incluida) permite a un atacante local filtrar información confidencial mediante la reutilización de PID aprovechando los espacios de nombres. Al gestionar un fallo, la función `_check_global_pid_and_forward`, que detecta si el proceso causante del fallo reside en un contenedor, se invocaba antes que `consistency_checks`, que intenta detectar si el proceso causante del fallo ha sido reemplazado. Por ello, si un proceso falla y se reemplaza rápidamente por uno contenedorizado, se podía ejecutar `apport` para reenviar el volcado de memoria al contenedor, lo que podría filtrar información confidencial. `consistency_checks` ahora se invoca antes que `_check_global_pid_and_forward`. Además, dado que la condición de ejecución de reutilización de PID no se puede detectar de forma fiable solo desde el espacio de usuario, los fallos solo se reenvían a los contenedores si el núcleo proporcionó un pidfd o si el proceso causante del fallo no tenía privilegios (es decir, si el modo de volcado es 1)."}],"metrics":{"cvssMetricV31":[{"source":"security@ubuntu.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.0,"impactScore":3.6}]},"weaknesses":[{"source":"security@ubuntu.com","type":"Secondary","description":[{"lang":"en","value":"CWE-362"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:canonical:apport:*:*:*:*:*:*:*:*","versionEndIncluding":"2.32.0","matchCriteriaId":"A2661E14-5C57-45A4-98B9-3ACBECBD57B9"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","matchCriteriaId":"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","matchCriteriaId":"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*","matchCriteriaId":"902B8056-9E37-443B-8905-8AA93E2447FB"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*","matchCriteriaId":"359012F1-2C63-415A-88B8-6726A87830DE"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:24.04:*:*:*:lts:*:*:*","matchCriteriaId":"BF90B5A4-6E55-4369-B9D4-E7A061E797D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:24.10:*:*:*:*:*:*:*","matchCriteriaId":"DE07EF30-B50E-4054-9918-50EFA416073B"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:25.04:*:*:*:*:*:*:*","matchCriteriaId":"E1AE2209-6CBC-4189-89ED-DA0FF100D77D"}]}]}],"references":[{"url":"https://ubuntu.com/security/CVE-2025-5054","source":"security@ubuntu.com","tags":["Third Party Advisory"]},{"url":"https://ubuntu.com/security/notices/USN-7545-1","source":"security@ubuntu.com","tags":["Third Party Advisory"]},{"url":"https://www.qualys.com/2025/05/29/apport-coredump/apport-coredump.txt","source":"security@ubuntu.com","tags":["Exploit","Mitigation","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2025/Jun/9","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}