Vulnerability Description
Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace, allowing local users to create certain files as root, which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. This is a different vulnerability than CVE-2017-14179.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apport Project | Apport | >= 2.13, <= 2.20.7 |
| Canonical | Ubuntu Linux | 14.04 |
Related Weaknesses (CWE)
References
- https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3171 (Issue Tracking, Third Party Advisory)
- https://launchpad.net/bugs/1726372 (Issue Tracking, Third Party Advisory)
- https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14180 (Third Party Advisory)
- https://usn.ubuntu.com/usn/usn-3480-1 (Third Party Advisory)
- http://seclists.org/fulldisclosure/2025/Jun/9
FAQ
What is CVE-2017-14180?
CVE-2017-14180 is a vulnerability with a CVSS score of 7.8 (HIGH). Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial o...
How severe is CVE-2017-14180?
CVE-2017-14180 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2017-14180?
Check the references section above for vendor advisories and patch information. Affected products include: Apport Project Apport, Canonical Ubuntu Linux.