Cyber Resilience

CVE-2022-28653

High

Published: 31 January 2025

Modified: 26 August 2025
KEV Added
Patch
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0019 (41.4th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-28653 is a high-severity vulnerability of unspecified weakness type in Canonical Apport. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Endpoint Denial of Service (T1499). The CVE is ranked at the 41.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-6 (Resource Availability) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2022-28653 is a vulnerability that allows users to consume unlimited disk space in the /var/crash directory. The issue carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high-impact availability disruption with no confidentiality or integrity effects. The description names no specific software or component (the affected-assets data lists Canonical Apport ≤ 2.21.0), and the weakness maps to NVD-CWE-noinfo.

Remote attackers require no privileges or user interaction to exploit this over the network with low complexity. Successful exploitation enables denial-of-service by filling the /var/crash directory with unlimited data, potentially exhausting disk resources and disrupting system operations.

The primary reference is the official CVE record at https://www.cve.org/CVERecord?id=CVE-2022-28653, published on 2025-01-31. No specific mitigation or patch details are provided in the available data.

EU & UK References

Vulnerability details

Users can consume unlimited disk space in /var/crash

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1499 · Endpoint Denial of Service · Impact
Adversaries may perform Endpoint Denial of Service (DoS) attacks to degrade or block the availability of services to users.
Why these techniques?

The vulnerability directly enables remote resource-exhaustion DoS via unlimited disk writes to /var/crash, which maps to Endpoint Denial of Service.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-14551 (Same vendor: Canonical)
CVE-2023-0881 (Same vendor: Canonical)
CVE-2025-15480 (Same vendor: Canonical)
CVE-2025-0928 (Same vendor: Canonical)
CVE-2026-34178 (Same vendor: Canonical)
CVE-2026-32693 (Same vendor: Canonical)
CVE-2026-49238 (Same vendor: Canonical)
CVE-2026-32692 (Same vendor: Canonical)
CVE-2026-5412 (Same vendor: Canonical)
CVE-2025-53513 (Same vendor: Canonical)

Affected Assets

Vendor: canonical · Product: apport · Affected versions: ≤ 2.21.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the flaw permitting unlimited disk consumption in /var/crash through timely patching and flaw correction.

prevent

Limits disk resource availability by user, process, or directory to prevent exhaustion of /var/crash from unauthorized consumption.

prevent

Implements denial-of-service protections at network entry points to mitigate remotely exploitable resource exhaustion attacks.

References