Vulnerability Details CVE-2020-15702
TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. An attacker may exit the crashed process and exploit PID recycling to spawn a root process with the same PID as the crashed process, which can then be used to escalate privileges. Fixed in 2.20.1-0ubuntu2.24, 2.20.9 versions prior to 2.20.9-0ubuntu7.16 and 2.20.11 versions prior to 2.20.11-0ubuntu27.6. Was ZDI-CAN-11234.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 26.7%
CVSS Severity
CVSS v3 Score 7.0
CVSS v2 Score 4.4
References
Products affected by CVE-2020-15702
-
cpe:2.3:a:canonical:apport:2.19.1-0ubuntu3
-
cpe:2.3:a:canonical:apport:2.19.2-0ubuntu1
-
cpe:2.3:a:canonical:apport:2.19.2-0ubuntu2
-
cpe:2.3:a:canonical:apport:2.19.2-0ubuntu3
-
cpe:2.3:a:canonical:apport:2.19.2-0ubuntu4
-
cpe:2.3:a:canonical:apport:2.19.2-0ubuntu5
-
cpe:2.3:a:canonical:apport:2.19.2-0ubuntu6
-
cpe:2.3:a:canonical:apport:2.19.2-0ubuntu7
-
cpe:2.3:a:canonical:apport:2.19.2-0ubuntu8
-
cpe:2.3:a:canonical:apport:2.19.2-0ubuntu9
-
cpe:2.3:a:canonical:apport:2.19.3-0ubuntu1
-
cpe:2.3:a:canonical:apport:2.19.3-0ubuntu2
-
cpe:2.3:a:canonical:apport:2.19.3-0ubuntu3
-
cpe:2.3:a:canonical:apport:2.19.4-0ubuntu1
-
cpe:2.3:a:canonical:apport:2.19.4-0ubuntu2
-
cpe:2.3:a:canonical:apport:2.20-0ubuntu1
-
cpe:2.3:a:canonical:apport:2.20-0ubuntu2
-
cpe:2.3:a:canonical:apport:2.20-0ubuntu3
-
cpe:2.3:a:canonical:apport:2.20.1-0ubuntu1
-
cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2
-
cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.1
-
cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.10
-
cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.12
-
cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.13
-
cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.14
-
cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.15
-
cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.16
-
cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.17
-
cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.18
-
cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.19
-
cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.2
-
cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.20
-
cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.21
-
cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.22
-
cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.23
-
cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.4
-
cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.5
-
cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.6
-
cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.7
-
cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.8
-
cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.9
-
cpe:2.3:a:canonical:apport:2.20.11-0ubuntu10
-
cpe:2.3:a:canonical:apport:2.20.11-0ubuntu11
-
cpe:2.3:a:canonical:apport:2.20.11-0ubuntu12
-
cpe:2.3:a:canonical:apport:2.20.11-0ubuntu13
-
cpe:2.3:a:canonical:apport:2.20.11-0ubuntu14
-
cpe:2.3:a:canonical:apport:2.20.11-0ubuntu15
-
cpe:2.3:a:canonical:apport:2.20.11-0ubuntu16
-
cpe:2.3:a:canonical:apport:2.20.11-0ubuntu17
-
cpe:2.3:a:canonical:apport:2.20.11-0ubuntu18
-
cpe:2.3:a:canonical:apport:2.20.11-0ubuntu19
-
cpe:2.3:a:canonical:apport:2.20.11-0ubuntu20
-
cpe:2.3:a:canonical:apport:2.20.11-0ubuntu21
-
cpe:2.3:a:canonical:apport:2.20.11-0ubuntu22
-
cpe:2.3:a:canonical:apport:2.20.11-0ubuntu23
-
cpe:2.3:a:canonical:apport:2.20.11-0ubuntu24
-
cpe:2.3:a:canonical:apport:2.20.11-0ubuntu25
-
cpe:2.3:a:canonical:apport:2.20.11-0ubuntu26
-
cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27
-
cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.2
-
cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.3
-
cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.4
-
cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.5
-
cpe:2.3:a:canonical:apport:2.20.11-0ubuntu8
-
cpe:2.3:a:canonical:apport:2.20.11-0ubuntu9
-
cpe:2.3:a:canonical:apport:2.20.7-0ubuntu3
-
cpe:2.3:a:canonical:apport:2.20.7-0ubuntu3.1
-
cpe:2.3:a:canonical:apport:2.20.7-0ubuntu4
-
cpe:2.3:a:canonical:apport:2.20.8-0ubuntu1
-
cpe:2.3:a:canonical:apport:2.20.8-0ubuntu10
-
cpe:2.3:a:canonical:apport:2.20.8-0ubuntu2
-
cpe:2.3:a:canonical:apport:2.20.8-0ubuntu3
-
cpe:2.3:a:canonical:apport:2.20.8-0ubuntu4
-
cpe:2.3:a:canonical:apport:2.20.8-0ubuntu5
-
cpe:2.3:a:canonical:apport:2.20.8-0ubuntu6
-
cpe:2.3:a:canonical:apport:2.20.8-0ubuntu7
-
cpe:2.3:a:canonical:apport:2.20.8-0ubuntu8
-
cpe:2.3:a:canonical:apport:2.20.8-0ubuntu9
-
cpe:2.3:a:canonical:apport:2.20.9-0ubuntu1
-
cpe:2.3:a:canonical:apport:2.20.9-0ubuntu2
-
cpe:2.3:a:canonical:apport:2.20.9-0ubuntu3
-
cpe:2.3:a:canonical:apport:2.20.9-0ubuntu4
-
cpe:2.3:a:canonical:apport:2.20.9-0ubuntu5
-
cpe:2.3:a:canonical:apport:2.20.9-0ubuntu6
-
cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7
-
cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.1
-
cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.10
-
cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.11
-
cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.12
-
cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.13
-
cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.14
-
cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.15
-
cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.2
-
cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.3
-
cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.4
-
cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.5
-
cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.6
-
cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.7
-
cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.8
-
cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.9
-
cpe:2.3:o:canonical:ubuntu_linux:14.04
-
cpe:2.3:o:canonical:ubuntu_linux:16.04
-
cpe:2.3:o:canonical:ubuntu_linux:18.04
-
cpe:2.3:o:canonical:ubuntu_linux:20.04