Launchpad.net

CVE 2021-25682

It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel.

CVE-2021-25682 (Candidate) is related to these bugs:

Bug #1912326: Privilege escalation to root with core file dump

		In	Importance	Status
1912326	Privilege escalation to root with core file dump	apport (Ubuntu)	Undecided	Fix Released
1912326	Privilege escalation to root with core file dump	apport (Ubuntu Hirsute)	Undecided	Fix Released
1912326	Privilege escalation to root with core file dump	apport (Ubuntu Focal)	Undecided	Fix Released
1912326	Privilege escalation to root with core file dump	apport (Ubuntu Xenial)	Undecided	Fix Released
1912326	Privilege escalation to root with core file dump	apport (Ubuntu Bionic)	Undecided	Fix Released
1912326	Privilege escalation to root with core file dump	apport (Ubuntu Groovy)	Undecided	Fix Released
1912326	Privilege escalation to root with core file dump	Apport	Critical	Fix Released

See the

CVE page on Mitre.org for more details.