- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202505-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Atop: Heap Corruption
Date: May 14, 2025
Bugs: #952921
ID: 202505-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been discovered in Atop, which can possibly lead to arbitrary code execution.

Background
==========

Atop is an ASCII full-screen performance monitor for Linux that is
capable of reporting the activity of all processes (even if processes
have finished during the interval), daily logging of system and process activity for long-term analysis, highlighting overloaded system
resources by using colors, etc. At regular intervals, it shows system-
level activity related to the CPU, memory, swap, disks (including LVM)
and network layers, and for every process (and thread) it shows e.g. the
CPU utilization, memory growth, disk utilization, priority, username,
state, and exit code.

Affected packages
=================

Package Vulnerable Unaffected
---------------- ------------ ------------
sys-process/atop < 2.11.1 >= 2.11.1

Description
===========

A vulnerability has been discovered in Atop. Please review the CVE
identifier referenced below for details.

Impact
======

Atop allows local users to cause a denial of service (e.g., assertion
failure and application exit) or possibly have unspecified other impact
by running certain types of unprivileged processes while a different
user runs atop.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Atop users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-process/atop-2.11.1"

References
==========

[ 1 ] CVE-2025-31160
https://nvd.nist.gov/vuln/detail/CVE-2025-31160

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202505-09

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to [email protected] or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2025 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEpqTA6ABLMxh/aChGFMQkOaVy+9kFAmgkjVsACgkQFMQkOaVy +9mEfBAAkJzGLhbvFjyECnoBUzO24FCl0H6+2q9y2ktvhA5RknQQasQwgh/QS/Yr ibQEuRW3qeGfzFXDBbIFhkrvaOoAM/RUhSf6SpLhgJ5tmPpFGynl81+iGExuJYop dqMwXQ/aDJwsAQIjeiCc2GmFNxZ7MOfjVKGunw8zb9EX+3gHrFAE/3DDrV9G+UIF 5VM6SvqQKS5gyz85ljPZnmXggSmZRmMNfw8X2dtIuCAuat3K4nDiQ4Slx4X0bwKU b8ALlLSOXWv7qNkZoXTVFnY8LX5RGRjfRzBQPvaDTBQ+nYA1NCCHg0cIj9GAdYxC RFdX5q0xhI9JqSen09hMkB4EBOMnlrLDG0k4Jwu4DnGioF/12HBpMbqf9YOPZuSx TUSYco2p+Y3leWV8hKNQCg3XyUIdkh2dv0qYinmmQl2tPBfkqhKU3aF+w4yZNl7S NcbKvEUlmKShjipCoMMzkVYrNHecd38Dlnh5Y0gpINt6ljugDy6Zp8boUdSX/OPm MH7z5aw1K+DWp2fGQXEmGrZicbu3ZDKX8lX9holmH/buKrPJikNBS+FeVB7FL1Aa TwlY1pLA3BbMPI3DffcnlGnKWr/ez2xPOPDxjw6IW3KI+UBX8t0gG0mMRlJ2MXzN MI3MhM/ov6iKKjyUuXywZrKJWSUpzkjba+0jR0Ns5AoU4gXUX0E=
=DaKI
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)