Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing

Apport does not disable python crash handler before entering chroot

is_closing_session() allows users to consume RAM in the Apport process

is_closing_session() allows users to create arbitrary tcp dbus connections

is_closing_session() allows users to fill up apport.log

~/.config/apport/settings parsing is vulnerable to "billion laughs" attack

An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot.

Ubuntu's pipewire-pulse in snap grants microphone access even when the snap interface for audio-record is not set.

The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in function __sys_socket_file() in file net/socket.c. This issue was introduced in da214a475f8bd1d3e9e7a19ddfeb4d1617551bab and fixed in 649c15c7691e9b13cbe9bf6c65c365350e056067.

It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code.