Two vulnerabilities in Linux core dump handlers, apport and systemd-coredump, could allow local attackers to access sensitive information such as password hashes. These race condition flaws affect multiple Linux distributions and can lead to data leaks and operational risks. #CVE-2025-5054 #CVE-2025-4598
Key points
- Two race condition vulnerabilities were found in apport and systemd-coredump on Linux systems.
- Exploiting these flaws can enable local attackers to read sensitive data from core dumps.
- Distributions like Ubuntu, Red Hat, and Fedora are impacted, with mitigation options available for some.
- Disabling core dumps for SUID binaries can reduce the risk until patches are released.
- Prompt patching, improved monitoring, and access controls are recommended to prevent exploitation.
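The interim mitigation in the list above maps to the kernel's `fs.suid_dumpable` sysctl, where 0 means SUID programs produce no core dump. The following is an added example, not code from the article or from either project: a POSIX shell audit that reports that setting together with the handler named in `kernel.core_pattern`. The function names `classify_handler` and `audit_coredump` are hypothetical, and the file paths are parameters so the check can also be run against constructed files.

```shell
#!/bin/sh
# Audit whether core dumps of SUID programs are disabled, and which
# handler receives dumps. Added example; function names are hypothetical.

# classify_handler CORE_PATTERN
# Prints: apport | systemd-coredump | other-pipe | file
classify_handler() {
    case "$1" in
        "|"*apport*)           echo apport ;;
        "|"*systemd-coredump*) echo systemd-coredump ;;
        "|"*)                  echo other-pipe ;;   # piped to some other program
        *)                     echo file ;;         # plain core file on disk
    esac
}

# audit_coredump [SUID_DUMPABLE_FILE] [CORE_PATTERN_FILE]
# Returns 0 if SUID dumps are disabled, 1 if enabled, 2 if undetermined.
audit_coredump() {
    sd_file=${1:-/proc/sys/fs/suid_dumpable}
    cp_file=${2:-/proc/sys/kernel/core_pattern}
    if [ ! -r "$sd_file" ] || [ ! -r "$cp_file" ]; then
        echo "UNKNOWN: cannot read kernel settings"
        return 2
    fi
    mode=$(tr -d '[:space:]' < "$sd_file")
    handler=$(classify_handler "$(cat "$cp_file")")
    case "$mode" in
        0)   # default mode: SUID processes are never dumped
             echo "OK: suid_dumpable=0 handler=$handler"
             return 0 ;;
        1|2) # 1 = debug, 2 = suidsafe: SUID dumps reach the handler
             echo "EXPOSED: suid_dumpable=$mode handler=$handler"
             return 1 ;;
        *)   echo "UNKNOWN: suid_dumpable=$mode"
             return 2 ;;
    esac
}

# Remediation until patched packages are installed (run as root):
#   sysctl -w fs.suid_dumpable=0
# and persist it with a drop-in file under /etc/sysctl.d/ containing:
#   fs.suid_dumpable = 0
```

Calling `audit_coredump` with no arguments checks the live system. Setting the value to 0 also stops crash capture for SUID programs, so debugging of those binaries is affected while the mitigation is in place.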
Read More: https://thehackernews.com/2025/05/new-linux-flaws-allow-password-hash.html