CVE-2022-28658

2022-05-1700:00:00

ubuntu.com

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

Apport argument parsing mishandles filename splitting on older kernels
resulting in argument spoofing

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchapport< 2.20.9-0ubuntu7.28UNKNOWN
ubuntu20.04noarchapport< 2.20.11-0ubuntu27.24UNKNOWN
ubuntu21.10noarchapport< 2.20.11-0ubuntu71.2UNKNOWN
ubuntu22.04noarchapport< 2.20.11-0ubuntu82.1UNKNOWN
ubuntu22.10noarchapport< 2.21.0-0ubuntu1UNKNOWN
ubuntu23.04noarchapport< 2.21.0-0ubuntu1UNKNOWN
ubuntu23.10noarchapport< 2.21.0-0ubuntu1UNKNOWN
ubuntu24.04noarchapport< 2.21.0-0ubuntu1UNKNOWN
ubuntu14.04noarchapport< anyUNKNOWN
ubuntu16.04noarchapport< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	apport	< 2.20.9-0ubuntu7.28	UNKNOWN
ubuntu	20.04	noarch	apport	< 2.20.11-0ubuntu27.24	UNKNOWN
ubuntu	21.10	noarch	apport	< 2.20.11-0ubuntu71.2	UNKNOWN
ubuntu	22.04	noarch	apport	< 2.20.11-0ubuntu82.1	UNKNOWN
ubuntu	22.10	noarch	apport	< 2.21.0-0ubuntu1	UNKNOWN
ubuntu	23.04	noarch	apport	< 2.21.0-0ubuntu1	UNKNOWN
ubuntu	23.10	noarch	apport	< 2.21.0-0ubuntu1	UNKNOWN
ubuntu	24.04	noarch	apport	< 2.21.0-0ubuntu1	UNKNOWN
ubuntu	14.04	noarch	apport	< any	UNKNOWN
ubuntu	16.04	noarch	apport	< any	UNKNOWN