Key Linux systems may have security flaws which allow password theft


  • Two information disclosure vulnerabilities were found in Apport and core-dump handler
  • They affect Ubuntu, Fedora, and Red Hat
  • Mitigations are available, so users are advised to take a look

Cybersecurity researchers from Qualys have discovered two information disclosure vulnerabilities affecting several Linux distributions.

The flaws, both of which are race condition bugs in core-dump handling, allow a local attacker to gain access to sensitive information.

The first one is found in Ubuntu’s core-dump handler, Apport, and is tracked as CVE-2025-5054. The second one is found in systemd-coredump, the default core-dump handler on Red Hat Enterprise Linux 9 and 10 as well as on Fedora, and is tracked as CVE-2025-4598.

Triggering a crash

Apport is an error reporting tool in Ubuntu that automatically collects crash data and system information, while systemd-coredump captures and stores core dumps of crashed processes for later debugging and analysis.

According to Qualys, Apport is vulnerable up to and including version 2.33.0, which means every Ubuntu release since 16.04, including the current 24.04. For systemd-coredump, Fedora 40 and 41, Red Hat Enterprise Linux 9, and the recently released RHEL 10 are all vulnerable. Debian systems are not vulnerable by default, Qualys added, because they do not ship a core-dump handler.

In theory, an attacker could trigger a crash in a privileged (SUID) process and then quickly replace the crashed process with one of their own before the core-dump handler inspects it.

If the handler then attributes the dump to the attacker’s process, the attacker can read the privileged process’s memory, which may contain sensitive data such as passwords or password hashes.

What’s more, since systemd-coredump does not properly validate the kernel’s per-process "dumpable" flag, a threat actor could crash root daemons that fork and set their UID to the attacker’s own user ID. That way, they could read sensitive memory from critical processes.

Qualys developed proof-of-concept exploits for both vulnerabilities. To mitigate them, it recommends that system administrators make sure core dumps are stored securely, implement strict PID validation, and restrict access to SUID/SGID core files.
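As an added check (not from the article, from Qualys or from either project), the POSIX shell helper below reads the two kernel settings that sit underneath both bugs. kernel.core_pattern shows whether the kernel pipes core dumps to a handler program at all (Apport or systemd-coredump, as opposed to writing a plain "core" file as Debian does by default), and fs.suid_dumpable controls whether a process that changed credentials (a SUID binary, or a root daemon that dropped to another UID) may be dumped. Setting fs.suid_dumpable to 0 is the standard kernel-level way to stop such dumps reaching any handler; the article does not name this knob. The grading rules and function names are my own: a value of 2 is treated as unsafe whenever a pipe handler is installed, because the dump is still handed to that handler, which is exactly the code path these races live in.

```sh
#!/bin/sh
# Added audit helper; not part of the article, Qualys's advisory, Apport or systemd.
# /proc/sys/kernel/core_pattern and /proc/sys/fs/suid_dumpable are documented
# kernel interfaces; the verdict logic below is an assumption of this example.

# Classify the handler named in a core_pattern string.
# A leading "|" means the kernel pipes the dump into that program as root.
handler_from_core_pattern() {
    case "$1" in
        "|"*apport*)           echo apport ;;
        "|"*systemd-coredump*) echo systemd-coredump ;;
        "|"*)                  echo other-pipe ;;
        *)                     echo kernel-file ;;
    esac
}

# Return 0 (acceptable) when processes that changed credentials cannot leak a dump.
#   0 = never dump such processes (the mitigation)
#   1 = dump them like any other process (unsafe)
#   2 = "suidsafe": root-owned core file when writing to disk, but with a pipe
#       handler the dump still goes to the handler, so it is graded unsafe here.
suid_dumpable_ok() {
    value="$1"
    pattern="$2"
    case "$value" in
        0) return 0 ;;
        2) case "$pattern" in "|"*) return 1 ;; *) return 0 ;; esac ;;
        *) return 1 ;;
    esac
}

# Read the live settings and print a verdict; exit 1 if action is needed.
audit_host() {
    if [ ! -r /proc/sys/fs/suid_dumpable ] || [ ! -r /proc/sys/kernel/core_pattern ]; then
        echo "cannot read /proc/sys (not Linux, or restricted)"
        return 2
    fi
    pattern=$(cat /proc/sys/kernel/core_pattern)
    value=$(cat /proc/sys/fs/suid_dumpable)
    echo "core-dump handler: $(handler_from_core_pattern "$pattern")"
    echo "fs.suid_dumpable=$value"
    if suid_dumpable_ok "$value" "$pattern"; then
        echo "OK: credential-changing processes are not handed to the handler"
        return 0
    fi
    echo "ACTION: run 'sysctl -w fs.suid_dumpable=0' and persist it under /etc/sysctl.d/"
    return 1
}

# Only audit the running host when asked, so the functions can also be sourced.
if [ "${1:-}" = "--audit" ]; then
    audit_host
fi
```

Run it as `sh audit.sh --audit`. Note that setting fs.suid_dumpable=0 disables crash reports for SUID programs and privilege-dropping daemons; that is the intended trade-off until the patched Apport and systemd-coredump packages are installed.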

More details about the mitigations, including the commands to run to secure affected systems, can be found in Qualys’s advisory.

Via The Hacker News



Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
