Two Linux Flaws May Expose Sensitive Information

Qualys has raised alarms over two information disclosure vulnerabilities found in apport and systemd-coredump, the core dump handlers used in Ubuntu, Red Hat Enterprise Linux, and Fedora systems. 

Researchers discovered that Apport (Ubuntu's default crash reporting tool) and systemd-coredump (the core dump handler in Red Hat Enterprise Linux 9 and Fedora) are both vulnerable to race condition flaws. These weaknesses can allow local attackers to gain unauthorized access to core dumps from crashed SUID programs. 

systemd-coredump collects snapshots of a program’s memory when it crashes and stores them in the system journal. Although these core dumps are valuable for debugging, they often contain sensitive data and are restricted to root users. This handler is used widely across Linux distributions including Fedora, RHEL 8 and above, SUSE, and Arch. 

Apport, the crash report generator in Ubuntu, gathers data such as stack traces and logs when an application fails. It then compiles a report that may include personal or system-specific information for developers to review. 

According to Qualys’s Threat Research Unit (TRU), both flaws are race condition issues. The first vulnerability, CVE-2025-5054, affects Apport. The second, CVE-2025-4598, affects systemd-coredump. Both carry a CVSS score of 4.7 and enable a local attacker to read core dumps by replacing the crashed SUID process with another one before the analysis completes. 

Qualys developed proof-of-concept exploits that demonstrate how to extract password hashes from the /etc/shadow file by targeting the unix_chkpwd process. 

The affected versions include Ubuntu 24.04 and all releases from 16.04 onward (up to Apport version 2.33.0), Fedora 40 and 41, and RHEL 9 and 10. Debian is not impacted by default. 

Until patches are applied, administrators can prevent potential leaks by setting /proc/sys/fs/suid_dumpable to 0. This disables core dumps for SUID programs, serving as a temporary workaround. 
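A way to check and apply this workaround on a host, added here as an example (it is not code from Qualys or from either project). The function names, the status labels and the use of /proc/sys/kernel/core_pattern to identify the active handler are assumptions of this example, and it does not check whether the packages are already patched.

```shell
#!/bin/sh
# Added example: audit and apply the suid_dumpable workaround.
# Paths are parameters so the logic can also be run against constructed files.
SUID_DUMPABLE=${SUID_DUMPABLE:-/proc/sys/fs/suid_dumpable}
CORE_PATTERN=${CORE_PATTERN:-/proc/sys/kernel/core_pattern}

# Print which handler core_pattern pipes crashes to:
# apport, systemd-coredump, other-pipe, or file (no pipe handler).
core_handler() {
    pattern=$(cat "$1")
    case "$pattern" in
        "|"*apport*)           echo apport ;;
        "|"*systemd-coredump*) echo systemd-coredump ;;
        "|"*)                  echo other-pipe ;;
        *)                     echo file ;;
    esac
}

# $1 = suid_dumpable file, $2 = core_pattern file.
# "mitigated" when SUID core dumps are disabled (value 0).
# "unmitigated:<handler>" when they are enabled and one of the two
# handlers named in the article receives them; otherwise "review:<handler>".
audit() {
    mode=$(cat "$1")
    handler=$(core_handler "$2")
    if [ "$mode" = "0" ]; then
        echo mitigated
        return 0
    fi
    case "$handler" in
        apport|systemd-coredump) echo "unmitigated:$handler" ;;
        *)                       echo "review:$handler" ;;
    esac
}

# Apply the workaround: write 0 to the suid_dumpable file.
# On the real /proc path this needs root and does not survive a reboot.
apply_workaround() {
    echo 0 > "$1"
}

# Usage: script --check | script --apply
if [ "${1:-}" = "--apply" ]; then apply_workaround "$SUID_DUMPABLE"; fi
if [ "${1:-}" = "--check" ] || [ "${1:-}" = "--apply" ]; then
    audit "$SUID_DUMPABLE" "$CORE_PATTERN"
fi
```

Re-run the check after a reboot or a crash-handler package update, since the live value is what matters and it may be set again at startup.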

Qualys warned that exploiting these vulnerabilities could lead to severe data exposure, including passwords, encryption keys, and customer information. The consequences range from operational disruption and reputational damage to non-compliance with data protection regulations. 

To minimize risk, Qualys recommends prioritizing security patches, enhancing monitoring systems, and strengthening access control measures. 
