CVE-2021-32554

HIGH

Canonical Ubuntu Linux - Symlink Following


Description

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg package apport hooks, it could expose private data to other local users.

Scores

CVSS v3 7.3
EPSS 0.0006
EPSS Percentile 18.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

Details

CWE CWE-61, CWE-59
Status published
Products (5)
canonical/ubuntu_linux 18.04
canonical/ubuntu_linux 20.04
canonical/ubuntu_linux 20.10
canonical/ubuntu_linux 21.04
canonical/ubuntu_linux 21.10
Published Jun 12, 2021
Tracked Since Feb 18, 2026