DNA View

High Severity Vulnerability

This vulnerability has been rated as High severity. Immediate action is recommended.

CVE-2021-3899

CVSS Score: 7.8 (High)
Published: Jun 03, 2024
Last Modified: Aug 26, 2025

Vulnerability Description

There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allows an attacker to execute arbitrary code as root.

CVSS Metrics

Common Vulnerability Scoring System

Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector: L
Attack Complexity: L
Privileges Required: L
User Interaction: N
Scope: U
Confidentiality: H
Integrity: H
Availability: H

Known Affected Software

7 configuration(s) from 1 vendor(s)

ubuntu_linux, Version: 18.04, CPE: cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*
ubuntu_linux, Version: 20.04, CPE: cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:*:*:*:*
ubuntu_linux, Version: 21.10, CPE: cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*
ubuntu_linux, Version: 22.04, CPE: cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*
apport, Version: 2.20.1, CPE: cpe:2.3:a:canonical:apport:2.20.1:*:*:*:*:*:*:*
apport, Version: 2.20.9, CPE: cpe:2.3:a:canonical:apport:2.20.9:*:*:*:*:*:*:*
apport, Version: 2.19.2, CPE: cpe:2.3:a:canonical:apport:2.19.2:*:*:*:*:*:*:*

This vulnerability affects 7 software configuration(s). Ensure you patch all affected systems.

Severity Details

7.8 out of 10.0 (High)

Weakness Type (CWE)

CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

Description: The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.
Exploit Likelihood: Medium
Typical Severity: Medium
Abstraction Level: Base

Key Information

Published Date: June 03, 2024