New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora

Qualys Threat Research Unit (TRU) has identified two information disclosure vulnerabilities in the core dump handlers of Ubuntu, Red Hat Enterprise Linux, and Fedora – apport and systemd-coredump.

Tracked as CVE-2025-5054 and CVE-2025-4598, these bugs are race conditions in the handling of core dumps from SUID programs that let a local attacker read sensitive information.

Saeed Abbasi, from Qualys TRU, mentioned, “These race conditions allow a local attacker to exploit a SUID program and gain read access to the resulting core dump.”

Details of the vulnerabilities:

  • CVE-2025-5054 (CVSS score: 4.7) – A race condition in Canonical's apport package that allows a local attacker to leak sensitive information via PID reuse.
  • CVE-2025-4598 (CVSS score: 4.7) – A race condition in systemd-coredump that allows an attacker to access privileged data.

SUID, or Set User ID, is a special file permission that lets a user execute a program with the privileges of the file's owner rather than their own.

Canonical stated, “If a local attacker induces a crash in a privileged process and quickly replaces it with another one, apport will forward the core dump into the namespace.”

Red Hat recommended running a command to disable core dumps for SUID binaries until the package is updated.
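The article does not quote Red Hat's command. As an added example that is not from the article or from Red Hat, the following POSIX shell script reports the kernel's fs.suid_dumpable setting (the sysctl that governs whether setuid programs may produce core dumps at all) and, when run as root with the argument apply, pins it to 0 through a sysctl.d drop-in; the drop-in file name is my choice.

```shell
#!/bin/sh
# Added example: audit and optionally harden fs.suid_dumpable.
# Assumes a Linux host; the sysctl.d path below is a chosen, not mandated, name.

SUID_DUMPABLE_PATH=/proc/sys/fs/suid_dumpable
DROPIN=/etc/sysctl.d/99-suid-dumpable.conf

# Map a fs.suid_dumpable value to its documented meaning:
# 0 = processes that changed privilege are never dumped,
# 1 = dumped like any other process, 2 = dumped root-readable only ("suidsafe").
suid_dumpable_status() {
    case "$1" in
        0) echo "disabled" ;;
        1) echo "enabled" ;;
        2) echo "suidsafe" ;;
        *) echo "unknown" ;;
    esac
}

# Succeed only when setuid core dumps are fully switched off.
suid_dumpable_is_hardened() {
    [ "$(suid_dumpable_status "$1")" = "disabled" ]
}

# Read the live kernel value; print "unavailable" when /proc is not mounted.
read_suid_dumpable() {
    if [ -r "$SUID_DUMPABLE_PATH" ]; then
        cat "$SUID_DUMPABLE_PATH"
    else
        echo "unavailable"
    fi
}

# Content of the drop-in that keeps the setting across reboots.
suid_dumpable_persist_config() {
    printf '# stop setuid programs from producing core dumps\nfs.suid_dumpable = 0\n'
}

if [ "${1:-}" = "apply" ]; then
    if [ "$(id -u)" -ne 0 ]; then
        echo "run as root to apply" >&2
        exit 1
    fi
    suid_dumpable_persist_config > "$DROPIN"
    sysctl -w fs.suid_dumpable=0
else
    current=$(read_suid_dumpable)
    echo "fs.suid_dumpable=$current ($(suid_dumpable_status "$current"))"
fi
```

Run it without arguments to see whether the host still allows setuid core dumps; the apply mode is the remediation step and needs root.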

Advisories have been released by Amazon Linux, Debian, and Gentoo to address the vulnerabilities.

Qualys has developed proof-of-concept code that demonstrates how an attacker can exploit the vulnerabilities to read sensitive data from core dumps.

Canonical mentioned that the impact of CVE-2025-5054 is limited to the confidentiality of the memory space of SUID executables.

Abbasi emphasized the importance of patching vulnerabilities and implementing security measures to mitigate risks effectively.