CVE-2022-1242

7.8 HIGH

📋 TL;DR

CVE-2022-1242 is a vulnerability in Apport, Ubuntu's crash reporting tool, that allows local attackers to trick Apport into connecting to arbitrary sockets as the root user. This affects Ubuntu systems with Apport enabled, potentially allowing privilege escalation or unauthorized access to network services. The vulnerability requires local access to exploit.

💻 Affected Systems

Products:
  • Apport
Versions: Apport versions prior to 2.20.11-0ubuntu82.1
Operating Systems: Ubuntu 22.04 LTS (Jammy Jellyfish)
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Ubuntu 22.04 LTS with Apport enabled. Apport may be disabled by default on some installations.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full root privilege escalation leading to complete system compromise, installation of persistent backdoors, or lateral movement to other systems.

🟠 Likely Case

Local privilege escalation allowing attackers to gain root access on compromised Ubuntu systems.

🟢 If Mitigated

Limited impact if Apport is disabled or properly configured with restricted permissions.

🌐 Internet-Facing: LOW - Requires local access to exploit, not directly exploitable over network.
🏢 Internal Only: HIGH - Local attackers or compromised user accounts can exploit this for privilege escalation.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access to the system. The vulnerability is in how Apport handles socket connections when running as root.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apport 2.20.11-0ubuntu82.1 or later

Vendor Advisory: https://ubuntu.com/security/notices/USN-5427-1

Restart Required: No

Instructions:

1. Update system: sudo apt update && sudo apt upgrade
2. Specifically update Apport: sudo apt install --only-upgrade apport
3. Verify version: dpkg-query -W -f='${Version}\n' apport

🔧 Temporary Workarounds

Disable Apport

linux

Completely disable the Apport crash reporting service

sudo systemctl stop apport
sudo systemctl disable apport
sudo sed -i 's/enabled=1/enabled=0/' /etc/default/apport

Restrict Apport permissions

linux

Limit Apport's ability to execute with elevated privileges

sudo chmod 644 /usr/share/apport/apport
sudo chown root:root /usr/share/apport/apport

🧯 If You Can't Patch

  • Disable Apport service completely using the workaround commands
  • Implement strict access controls to prevent local users from exploiting the vulnerability

🔍 How to Verify

Check if Vulnerable:

Check Apport version: dpkg -l | grep apport | grep ^ii

Check Version:

dpkg-query -W -f='${Version}\n' apport

Verify Fix Applied:

Verify Apport version is 2.20.11-0ubuntu82.1 or later: dpkg-query -W -f='${Version}\n' apport
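
The version check above can be scripted so the result is a clear patched/vulnerable verdict rather than a string to compare by eye. This is an added example, not part of the vendor advisory; the function names are hypothetical and the `sort -V` fallback is an assumption for hosts without dpkg.

```sh
#!/bin/sh
# Added example: compare an Apport package version against the fixed
# release named on this page. Function names are constructed here.

FIXED_VERSION="2.20.11-0ubuntu82.1"   # patch version stated in this advisory

# version_ge A B -> exit status 0 when A >= B in Debian version ordering.
version_ge() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$2"
    else
        # Assumption: without dpkg, fall back to `sort -V`. It orders these
        # simple versions the same way but is not a full implementation of
        # Debian ordering (epochs, '~').
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
    fi
}

# apport_status VERSION -> prints "patched" or "vulnerable".
apport_status() {
    if version_ge "$1" "$FIXED_VERSION"; then
        echo patched
    else
        echo vulnerable
    fi
}

# Version of the `apport` package only. `dpkg -l | grep apport` also
# matches related packages such as python3-apport.
installed_apport_version() {
    dpkg-query -W -f='${Version}' apport 2>/dev/null
}

# Report the state of the local host.
check_host() {
    v=$(installed_apport_version) || v=""
    if [ -z "$v" ]; then
        echo "apport: not installed"
    else
        echo "apport $v: $(apport_status "$v")"
    fi
}

check_host
```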

📡 Detection & Monitoring

Log Indicators:

  • Unusual Apport processes running as root
  • Apport connecting to unexpected sockets or ports
  • Failed privilege escalation attempts in system logs

Network Indicators:

  • Apport making unexpected network connections
  • Root processes connecting to unusual ports

SIEM Query:

process_name:"apport" AND user:"root" AND (destination_port:!* OR unusual_connection_pattern)
