New Vulnerabilities Discovered in Linux Core Dump Handlers Pose Security Risks

Two information disclosure vulnerabilities have been identified in the Linux core dump handlers apport and systemd-coredump, affecting several distributions including Ubuntu, Red Hat Enterprise Linux, and Fedora, according to a report from the Qualys Threat Research Unit (TRU).

Tracked under the identifiers CVE-2025-5054 and CVE-2025-4598, these vulnerabilities arise from race conditions that could allow local attackers to gain access to sensitive information. Tools designed for crash reporting and core dumps, such as Apport and systemd-coredump, are essential for managing Linux system processes.

Saeed Abbasi, manager of product at Qualys TRU, elaborated on the vulnerabilities, explaining, “These race conditions allow a local attacker to exploit a SUID program and gain read access to the resulting core dump.” The risks associated with these flaws can significantly undermine the integrity of sensitive data, as attackers could potentially access details such as user password hashes.

The vulnerabilities have received moderate severity ratings from Red Hat due to the complexity involved in executing a successful exploit. Users are advised to disable core dumps for SUID binaries as a temporary mitigation measure by running the command echo 0 > /proc/sys/fs/suid_dumpable as a root user. According to Red Hat, this command effectively prevents core dumps from being generated for SUID programs, thus protecting sensitive data from potential exposure.
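As an added example (not from the article, Qualys, Red Hat, or any distribution's tooling), the following POSIX shell script reads the live fs.suid_dumpable setting, explains what each value means, and applies the mitigation quoted above, persisting it through a sysctl.d drop-in so it survives a reboot. The drop-in file name and the --report/--apply flags are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the article or from Qualys/Red Hat): inspect and apply
# the suid_dumpable mitigation the advisory recommends, and make it persistent.
# Assumes a Linux host with /proc/sys/fs/suid_dumpable present.

SYSCTL_KEY="fs.suid_dumpable"
PROC_PATH="/proc/sys/fs/suid_dumpable"
# Assumed drop-in name; any *.conf under /etc/sysctl.d/ works.
PERSIST_FILE="/etc/sysctl.d/99-suid-dumpable.conf"

# Map the kernel's suid_dumpable value to its documented meaning
# (Documentation/admin-guide/sysctl/fs.rst):
#   0 = processes that changed credentials (SUID/SGID, capabilities) are never dumped
#   1 = "debug": such processes are dumped like any other; unsafe on shared hosts
#   2 = "suidsafe": dumped only via an absolute core_pattern path or pipe handler,
#       with the file owned by root and mode 0600
describe_suid_dumpable() {
    case "$1" in
        0) echo "disabled (mitigation in place)" ;;
        1) echo "debug (dumps SUID processes; unsafe)" ;;
        2) echo "suidsafe (root-only dumps)" ;;
        *) echo "unknown value '$1'" ;;
    esac
}

# Succeed (exit 0) only when the value means the mitigation is in place.
mitigation_active() {
    [ "$1" = "0" ]
}

# Print the live value; fail silently if the file is missing (non-Linux, restricted container).
current_suid_dumpable() {
    [ -r "$PROC_PATH" ] || return 1
    tr -d '[:space:]' < "$PROC_PATH"
}

# Apply the advisory's temporary mitigation (needs root) and persist it across reboots.
apply_mitigation() {
    echo 0 > "$PROC_PATH"
    printf '%s = 0\n' "$SYSCTL_KEY" > "$PERSIST_FILE"
}

# Stand-alone use: "--report" prints the current setting; "--apply" also fixes it when run as root.
if [ "${1:-}" = "--report" ] || [ "${1:-}" = "--apply" ]; then
    value=$(current_suid_dumpable) || { echo "$PROC_PATH not readable on this host" >&2; exit 2; }
    echo "$SYSCTL_KEY = $value: $(describe_suid_dumpable "$value")"
    if ! mitigation_active "$value" && [ "$1" = "--apply" ]; then
        [ "$(id -u)" -eq 0 ] || { echo "run as root to apply the mitigation" >&2; exit 3; }
        apply_mitigation
        echo "set $SYSCTL_KEY=0 and wrote $PERSIST_FILE"
    fi
fi
```

Run it as `sh suid_dumpable.sh --report` from any account to see the current value, and as root with `--apply` to set it. The one-line `echo 0 > /proc/sys/fs/suid_dumpable` from the advisory takes effect immediately but is lost at reboot; the 99-prefixed drop-in sorts after lower-numbered files in /etc/sysctl.d (such as the one systemd installs to enable core dumps), so the mitigation wins when sysctl settings are reapplied at boot.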

Similar advisories have been issued by other vendors including Amazon Linux, Debian, and Gentoo. Interestingly, Debian systems are not affected by CVE-2025-4598 unless the systemd-coredump package has been manually installed. Moreover, it is noted that CVE-2025-4598 does not impact current Ubuntu releases.

Qualys has also developed proof-of-concept (PoC) code demonstrating how these vulnerabilities can be exploited. This includes scenarios where an attacker could exploit the core dump of a failed unix_chkpwd process to access password hashes from the /etc/shadow file.

Both Canonical and Qualys emphasize that the implications of these vulnerabilities are significant. Abbasi warned, “The exploitation of vulnerabilities in Apport and systemd-coredump can severely compromise the confidentiality at high risk, as attackers could extract sensitive data, like passwords, encryption keys, or customer information from core dumps.” This incident underscores the critical need for rigorous patching protocols and proactive security measures within organizations.

It is advisable for enterprises to enforce strict monitoring and access controls in response to these findings, as the reputational and regulatory repercussions of exploitation could be dire.