CVE-2025-5054
Linux Ubuntu vulnerability analysis and mitigation

Overview

Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. The vulnerability was discovered in May 2025 and affects Ubuntu's core-dump handler. When handling a crash, the function _check_global_pid_and_forward, which detects if the crashing process resided in a container, was being called before consistency_checks, which attempts to detect if the crashing process had been replaced (Ubuntu CVE, NVD).

Technical details

The vulnerability exists due to incorrect handling of metadata when processing application crashes. The issue occurs because the container detection function is called before consistency checks are performed. If a process crashes and is quickly replaced with a containerized one, apport could be made to forward the core dump to the container, potentially leaking sensitive information. The vulnerability has been assigned a CVSS 3.1 score of 4.7 (Medium) with vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N (Qualys Report).

Impact

The vulnerability allows local attackers to obtain sensitive information from core dumps of privileged processes. Specifically, attackers can access password hashes from /etc/shadow by exploiting core dumps of crashed SUID programs like unix_chkpwd. The impact is primarily limited to confidentiality breaches of privileged process memory (Hacker News, Qualys Report).

Mitigation and workarounds

The vulnerability has been patched in multiple Ubuntu releases with updated versions of the apport package. As a temporary mitigation, systems can set /proc/sys/fs/suid_dumpable to 0, which prevents all SUID programs from being analyzed in case of a crash. The fix involves calling consistency_checks before _check_global_pid_and_forward and implementing additional checks for crash forwarding to containers (Ubuntu Security Notice).
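
A check for the temporary mitigation described above, written as an added example for this page (not code from Ubuntu, Qualys or apport). It assumes apport is registered as a pipe handler in /proc/sys/kernel/core_pattern; the function names and the sysctl.d file name are made up for the example.

```shell
#!/bin/sh
# Added example: audit the suid_dumpable workaround for CVE-2025-5054.
# File paths are parameters so the checks can be run against fixtures.

# Print which kind of handler core_pattern names: apport, other-pipe or file.
core_handler() {
    pattern=$(cat "${1:-/proc/sys/kernel/core_pattern}" 2>/dev/null) || return 2
    case "$pattern" in
        "|"*apport*) echo apport ;;      # kernel pipes the dump to apport
        "|"*)        echo other-pipe ;;  # some other user-space handler
        *)           echo file ;;        # plain core file, no handler
    esac
}

# Print whether SUID processes can produce core dumps at all.
suid_dump_state() {
    value=$(cat "${1:-/proc/sys/fs/suid_dumpable}" 2>/dev/null) || return 2
    case "$value" in
        0)   echo mitigated ;;  # workaround from the advisory is in place
        1|2) echo dumpable ;;   # SUID crashes still reach the handler
        *)   echo unknown ;;
    esac
}

# Combine both checks. Exit status: 0 nothing to do, 1 workaround missing, 2 unreadable.
assess() {
    handler=$(core_handler "$1") || { echo unreadable; return 2; }
    state=$(suid_dump_state "$2") || { echo unreadable; return 2; }
    if [ "$state" = mitigated ]; then echo workaround-active; return 0; fi
    if [ "$handler" = apport ]; then echo apport-receives-suid-dumps; return 1; fi
    echo apport-not-handler
}

# Apply the workaround now and persist it across reboots (needs root).
# The drop-in file name is an assumption chosen for this example.
apply_workaround() {
    conf=${1:-/etc/sysctl.d/60-suid-dumpable.conf}
    sysctl -w fs.suid_dumpable=0 &&
        printf 'fs.suid_dumpable = 0\n' > "$conf"
}

# Report the state of the live system; never fail the script on the result.
assess || :
```

The script reports only whether the workaround is set, so a host running the fixed apport package can still print apport-receives-suid-dumps; confirm the installed package against the Ubuntu Security Notice separately.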

Community reactions

The security community has noted this as part of a broader set of vulnerabilities affecting core dump handlers in Linux distributions. The vulnerability was discovered by Qualys Threat Research Unit and coordinated with Ubuntu's security team and apport's developers. The disclosure process involved multiple stakeholders including Red Hat Product Security and the linux-distros@openwall group (Hacker News).

Source: This report was generated using AI
