Description
A time-of-check time-of-use (TOCTOU) race condition was found in the abrt-dbus D-Bus service's SetElement method. Between dump directory creation and post-create event execution, any local user can call SetElement to write arbitrary text files into the root-owned dump directory, bypassing package validation and allowing crashes of unpackaged binaries to survive post-create processing.
Published: 2026-06-13
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A time‑of‑check time‑of‑use race condition in the abrt‑dbus D‑Bus service’s SetElement method allows any local user to write arbitrary files into a root‑owned dump directory. The flaw bypasses package validation and permits crashes of unpackaged binaries to survive the post‑create processing. The primary impact is the ability to create or overwrite files in directories that normally require root privileges, potentially leading to persistence of modified crash dumps or other unintended data.

Affected Systems

The vulnerability affects Red Hat Enterprise Linux 6, 7 and 8 distributions. It requires local user access and targets the abrt‑dbus service component that manages crash dump directories.

Risk and Exploitability

The CVSS score of 7.8 reflects substantial risk, with the EPSS score not available and the vulnerability not listed in the CISA KEV catalog. The attack vector is local and relies on a race condition; an attacker must have the ability to invoke SetElement while a dump directory is being created. The likelihood of exploitation depends on the attacker's ability to coordinate the timing, but the presence of a race condition means that the vulnerability can be triggered with sufficient skill, giving it moderate to high exploitability for affected systems.

Generated by OpenCVE AI on June 13, 2026 at 03:21 UTC.

Remediation

Vendor Workaround

The following practices would help for avoiding exposure and mitigate this flaw: - Disable or remove ABRT if it is not required. On RHEL 8 systems where ABRT is installed, it can be disabled with: systemctl disable --now abrtd.service abrt-journal-core.service abrt-oops.service abrt-xorg.service - On Fedora systems, consider using systemd-coredump instead of ABRT for crash handling, as ABRT is being phased out in favor of systemd-coredump - Restrict local user access to systems running ABRT, as this vulnerability requires local access

OpenCVE Recommended Actions

  • Disable or uninstall ABRT if crash handling is not required; on RHEL 8 systems run: systemctl disable --now abrtd.service abrt-journal-core.service abrt-oops.service abrt-xorg.service
  • On Fedora or where ABRT is phased out, switch to systemd-coredump for crash handling to eliminate the vulnerable component
  • Restrict local user access to systems running ABRT so that only authorized users can call the SetElement method

Generated by OpenCVE AI on June 13, 2026 at 03:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 13 Jun 2026 02:45:00 +0000

Type Values Removed Values Added
Description A time-of-check time-of-use (TOCTOU) race condition was found in the abrt-dbus D-Bus service's SetElement method. Between dump directory creation and post-create event execution, any local user can call SetElement to write arbitrary text files into the root-owned dump directory, bypassing package validation and allowing crashes of unpackaged binaries to survive post-create processing.
Title Abrt: toctou race condition in abrt-dbus setelement allows arbitrary file writes to dump directories
First Time appeared Redhat
Redhat enterprise Linux
Weaknesses CWE-367
CPEs cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
Vendors & Products Redhat
Redhat enterprise Linux
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Redhat Enterprise Linux
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-06-13T02:34:24.718Z

Reserved: 2026-06-12T15:09:04.249Z

Link: CVE-2026-54228

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-13T03:16:21.440

Modified: 2026-06-13T03:16:21.440

Link: CVE-2026-54228

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-13T03:30:18Z

Weaknesses
  • CWE-367

    Time-of-check Time-of-use (TOCTOU) Race Condition