CVE-2025-5054
Linux Ubuntu vulnerability analysis and mitigation

Overview

Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. The vulnerability occurs when handling a crash, where the function _check_global_pid_and_forward, which detects if the crashing process resided in a container, was being called before consistency_checks, which attempts to detect if the crashing process had been replaced (NVD, Ubuntu Security).

Technical details

The vulnerability exists due to incorrect ordering of security checks in apport's crash handling process. When a crash occurs, apport performs container detection before process consistency verification, creating a race condition. An attacker can exploit this by crashing a SUID program, quickly killing it, and replacing it with a containerized process before apport's analysis. The vulnerability has been assigned a CVSS v3.1 Base Score of 4.7 (Medium) with vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N (Qualys Report).

Impact

The vulnerability allows attackers to access sensitive information from crashed SUID programs' memory, including password hashes from /etc/shadow. The impact is particularly significant when exploiting programs like unix_chkpwd, which handles password verification and loads sensitive authentication data into memory (Hacker News, Qualys Report).

Mitigation and workarounds

The vulnerability has been patched by reordering the security checks, ensuring consistency_checks is called before _check_global_pid_and_forward. Additionally, crashes are now only forwarded to containers if the kernel provided a pidfd, or if the crashing process was unprivileged. As a temporary mitigation, systems can set /proc/sys/fs/suid_dumpable to 0, which disables core dumps for SUID programs so that their crashes are not handed to apport for analysis (Ubuntu Security, Qualys Report).
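
To check whether the temporary mitigation above is in effect on a host, the following added example (not part of the original report or of apport) classifies the two kernel settings involved. The function names, verdict strings and the sample core_pattern are assumptions made for this example.

```sh
#!/bin/sh
# Added example: classify exposure from fs.suid_dumpable and kernel.core_pattern.
# Function names and verdict words are hypothetical, chosen for this example.

# assess_exposure SUID_DUMPABLE CORE_PATTERN -> prints one verdict word
assess_exposure() {
    case "$2" in
        '|'*apport*) ;;                        # crashes are piped to apport
        *) echo "not-applicable"; return 0 ;;  # apport is not the crash handler
    esac
    case "$1" in
        0)   echo "mitigated" ;;        # SUID programs produce no core dump
        1|2) echo "relies-on-patch" ;;  # SUID crashes reach apport; safe only
                                        # if the fixed apport is installed
        *)   echo "unknown" ;;          # value missing or unexpected
    esac
}

# audit_host: apply the classification to the running system.
audit_host() {
    dumpable="$(cat /proc/sys/fs/suid_dumpable 2>/dev/null || true)"
    pattern="$(cat /proc/sys/kernel/core_pattern 2>/dev/null || true)"
    printf 'suid_dumpable=%s core_pattern=%s -> %s\n' \
        "$dumpable" "$pattern" "$(assess_exposure "$dumpable" "$pattern")"
}

# Constructed sample value (not captured from a real host).
SAMPLE_PATTERN='|/usr/share/apport/apport -p%p -s%s -c%c -P%P -- %E'
for value in 0 2; do
    printf 'sample suid_dumpable=%s -> %s\n' \
        "$value" "$(assess_exposure "$value" "$SAMPLE_PATTERN")"
done
```

Call audit_host on the system being checked; a "relies-on-patch" verdict means the installed apport package must contain the fix, since the workaround is not set.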

This report was generated using AI.