Qualys researchers have identified race conditions in Linux components apport and systemd-coredump that could allow local attackers to read core dumps from privileged processes. Specifically, CVE-2025-5054 affects Canonical's apport package, while CVE-2025-4598 involves systemd-coredump. Red Hat has categorized the vulnerability as moderate due to the complexity of exploitation. Debian systems are less affected as they lack the necessary core dump handler by default. For immediate protection, Red Hat suggests disabling core dumps for SUID binaries via a specific command.
These race conditions allow a local attacker to exploit a SUID program and gain read access to the resulting core dump, explains Qualys product manager Saeed Abbasi.
Not all distributions are equally vulnerable. Debian systems are not susceptible to CVE-2025-4598 by default due to lack of core dump handler unless installed manually.
Collection
[
|
...
]