Lucene search

Ubuntu.comUB:CVE-2021-25682

HistoryFeb 02, 2021 - 12:00 a.m.

CVE-2021-25682

2021-02-0200:00:00

ubuntu.com

cve-2021-25682

apport

ubuntu

kernel

bug

parsing

status

file

vulnerability

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

18.5%

JSON

It was discovered that the get_pid_info() function in data/apport did not
properly parse the /proc/pid/status file from the kernel.

Bugs

<https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1912326>

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchapport< 2.20.9-0ubuntu7.23UNKNOWN
ubuntu20.04noarchapport< 2.20.11-0ubuntu27.16UNKNOWN
ubuntu20.10noarchapport< 2.20.11-0ubuntu50.5UNKNOWN
ubuntu14.04noarchapport< 2.14.1-0ubuntu3.29+esm6UNKNOWN
ubuntu16.04noarchapport< 2.20.1-0ubuntu2.30UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	apport	< 2.20.9-0ubuntu7.23	UNKNOWN
ubuntu	20.04	noarch	apport	< 2.20.11-0ubuntu27.16	UNKNOWN
ubuntu	20.10	noarch	apport	< 2.20.11-0ubuntu50.5	UNKNOWN
ubuntu	14.04	noarch	apport	< 2.14.1-0ubuntu3.29+esm6	UNKNOWN
ubuntu	16.04	noarch	apport	< 2.20.1-0ubuntu2.30	UNKNOWN