Description
Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_confirm
https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14179
Issue Tracking, Third Party Advisory x_refsource_confirm
https://launchpad.net/bugs/1726372
Scores
CVSS v3
7.8
EPSS
0.0036
EPSS Percentile
28.2%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-400
Status
published
Products (6)
apport_project/apport
< 2.13
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
16.04
canonical/ubuntu_linux
17.04
canonical/ubuntu_linux
17.10
canonical/ubuntu_linux
18.04
Published
Feb 02, 2018
Tracked Since
Feb 18, 2026