CVE-2020-15702

Name of the Vulnerable Software and Affected Versions apport versions prior to 2.20.1-0ubuntu2.24 apport versions 2.20.9 prior to 2.20.9-0ubuntu7.16 apport versions 2.20.11 prior to 2.20.11-0ubuntu27.6

Description The issue exists due to insufficient checking of a shared resource's state in the apport error reporting service. This can allow an attacker to escalate privileges and execute arbitrary code. An attacker may exploit PID recycling to spawn a root process with the same PID as a crashed process, which can then be used to escalate privileges.

Recommendations For apport versions prior to 2.20.1-0ubuntu2.24, update to version 2.20.1-0ubuntu2.24 or later. For apport versions 2.20.9 prior to 2.20.9-0ubuntu7.16, update to version 2.20.9-0ubuntu7.16 or later. For apport versions 2.20.11 prior to 2.20.11-0ubuntu27.6, update to version 2.20.11-0ubuntu27.6 or later. As a temporary workaround, consider restricting access to the apport service to minimize the risk of exploitation.