CVE-2026-54229 – Abrt: chownproblemdir succeeds during active post-create event processing due to inadequate locking

CVE ID :CVE-2026-54229

Published : June 13, 2026, 3:16 a.m. | 33 minutes ago

Description :A race condition was found in the abrt-dbus D-Bus service’s ChownProblemDir method. ChownProblemDir opens the dump directory with DD_OPEN_READONLY and calls dd_chown to change ownership of all files to the caller’s uid, succeeding even while post-create event handlers hold a write lock. This allows an attacker to gain filesystem-level control of the dump directory while privileged event scripts are still running.

Severity: 7.0 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-11769 – Operator – Namespaced User Path Traversal

CVE-2026-9848 – WP Ticket

CVE-2026-54231 – Abrt: unsanitized systemd journal content written to dump directory files enables content injection

CVE-2026-54230 – Abrt: event handler scripts follow symlinks when writing output files, allowing arbitrary file overwrites