CVE-2021-25684

8.8 HIGH

📋 TL;DR

CVE-2021-25684 is a vulnerability in Ubuntu's Apport crash reporting system where improper handling of FIFO (named pipe) files could allow local attackers to cause denial of service or potentially execute arbitrary code. This affects Ubuntu systems with Apport enabled. The vulnerability stems from improper input validation when opening report files.

💻 Affected Systems

Products:
  • Ubuntu Apport
Versions: Apport before 2.20.11-0ubuntu27.20 on Ubuntu 20.04 LTS, and before the corresponding fixed version on other affected Ubuntu releases
Operating Systems: Ubuntu Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Apport is enabled by default on Ubuntu desktop installations but may be disabled on servers. The vulnerability requires local access to create FIFO files.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local privilege escalation to root, arbitrary code execution, or complete system compromise through crafted FIFO files.

🟠 Likely Case

Denial of service through system hangs or crashes when Apport processes malicious FIFO files.

🟢 If Mitigated

Minimal impact if Apport is disabled or proper file permissions prevent unauthorized FIFO creation.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring access to the system.
🏢 Internal Only: MEDIUM - Internal users with local access could exploit this, but requires specific conditions.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access to create FIFO files. Public proof-of-concept demonstrates denial of service. More sophisticated attacks might be possible.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apport 2.20.11-0ubuntu27.20 for Ubuntu 20.04 LTS, with corresponding fixes for other Ubuntu releases

Vendor Advisory: https://ubuntu.com/security/CVE-2021-25684

Restart Required: No

Instructions:

1. Run 'sudo apt update'
2. Run 'sudo apt upgrade apport'
3. Verify the updated version with 'apt-cache policy apport'

🔧 Temporary Workarounds

Disable Apport

Completely disable the Apport crash reporting service

sudo systemctl stop apport
sudo systemctl disable apport
sudo sed -i 's/enabled=1/enabled=0/' /etc/default/apport

Restrict FIFO Creation

Implement filesystem controls to prevent unauthorized FIFO creation in sensitive directories

🧯 If You Can't Patch

  • Disable Apport service completely using systemctl commands
  • Implement strict file permissions and monitoring for FIFO file creation in /var/crash and other Apport directories

🔍 How to Verify

Check if Vulnerable:

Check Apport version with 'apt-cache policy apport' and compare against patched versions for your Ubuntu release

Check Version:

apt-cache policy apport | grep Installed

Verify Fix Applied:

Verify Apport version is at least 2.20.11-0ubuntu27.20 for Ubuntu 20.04 LTS, or corresponding fixed version for your release

📡 Detection & Monitoring

Log Indicators:

  • Apport process hanging or crashing
  • Unusual FIFO file creation in /var/crash
  • System logs showing Apport service failures

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

(process.name:"apport" AND (event.action:"hang" OR event.action:"crash")) OR (file.path:"/var/crash/*" AND file.type:"fifo")
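
The "unusual FIFO file creation in /var/crash" indicator can also be checked on the host itself. The following is an added example, not Apport's code and not taken from the vendor advisory: it lists non-regular entries without opening them, and shows a read helper that refuses FIFOs instead of blocking on them. The function names and the 1 MiB read limit are assumptions.

```python
import os
import stat

CRASH_DIR = "/var/crash"  # directory named on this page

def file_kind(mode):
    """Map an st_mode value to a short type name."""
    checks = [(stat.S_ISFIFO, "fifo"), (stat.S_ISLNK, "symlink"),
              (stat.S_ISDIR, "directory"), (stat.S_ISSOCK, "socket")]
    for check, name in checks:
        if check(mode):
            return name
    return "device" if stat.S_ISCHR(mode) or stat.S_ISBLK(mode) else "other"

def find_non_regular(directory):
    """List (name, kind) for entries that are not regular files.

    Only lstat() is used, so nothing is opened and a FIFO cannot stall the scan.
    """
    hits = []
    with os.scandir(directory) as entries:
        for entry in entries:
            mode = entry.stat(follow_symlinks=False).st_mode
            if not stat.S_ISREG(mode):
                hits.append((entry.name, file_kind(mode)))
    return sorted(hits)

def read_regular_only(path, limit=1 << 20):
    """Return up to `limit` bytes of `path`, refusing anything but a regular file."""
    # O_NONBLOCK: open() returns at once even on a FIFO with no writer.
    # O_NOFOLLOW: a symlink as the final path component fails with ELOOP.
    flags = os.O_RDONLY | os.O_NONBLOCK | os.O_NOFOLLOW | os.O_CLOEXEC
    fd = os.open(path, flags)
    try:
        # fstat the descriptor, not the path, so the check cannot be raced.
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise ValueError(f"{path}: not a regular file")
        return os.read(fd, limit)
    finally:
        os.close(fd)

if __name__ == "__main__" and os.path.isdir(CRASH_DIR):
    for name, kind in find_non_regular(CRASH_DIR):
        print(f"{CRASH_DIR}/{name}: {kind}")
```

Run it from cron or a monitoring agent and alert on any output; a healthy /var/crash normally holds only regular report files.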
