CVE-2026-54229

Affects the abrt-dbus D-Bus service’s ChownProblemDir method. A race condition occurs when ChownProblemDir opens the dump directory with DD_OPEN_READONLY and then calls dd_chown to change ownership of all files to the caller’s UID, which succeeds even while post-create event handlers hold a write...

abrt: abrt-dbus does not guard against crafted problem directory path arguments

It was discovered that the abrt-dbus D-Bus service did not properly check the validity of the problem directory argument in the ChownProblemDir, DeleteElement, and DeleteProblem methods. A local attacker could use this flaw take ownership of arbitrary files and directories, or to delete files and...