New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora
Briefly

Two vulnerabilities in apport and systemd-coredump allow local attackers to gain access to sensitive information through race conditions. The flaws, tracked as CVE-2025-5054 and CVE-2025-4598, are exploited by leveraging SUID programs. When a privileged process crashes, an attacker may quickly replace it with another process, gaining read access to a core dump that contains sensitive data from the original process, including data from critical files like /etc/shadow. Both vulnerabilities have a CVSS score of 4.7, indicating moderate severity.
These race conditions allow a local attacker to exploit a SUID program and gain read access to the resulting core dump.
A race condition in the Canonical apport package, up to and including version 2.32.0, allows a local attacker to leak sensitive information via PID reuse by leveraging namespaces.
A race condition in systemd-coredump allows an attacker to force a SUID process to crash and replace it with a non-SUID binary.
If a local attacker manages to induce a crash in a privileged process and quickly replace it with another one, apport will attempt to forward the core dump.
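A host-side check for the condition described above, added here as an example and not taken from the article or from either project: it reports whether crashes of SUID programs are piped to apport or systemd-coredump. It assumes the standard Linux sysctls `kernel.core_pattern` and `fs.suid_dumpable`, which the article does not mention; the function names are hypothetical.

```python
#!/usr/bin/env python3
"""Report whether SUID crashes on this host are handed to apport or systemd-coredump."""
import os
import shlex

HANDLERS = ("apport", "systemd-coredump")  # the two handlers named in the article


def piped_handler(core_pattern):
    """Return the basename of the program core_pattern pipes to, or None."""
    pattern = core_pattern.strip()
    if not pattern.startswith("|"):
        return None  # dumps are written to a file, not piped to a helper
    argv = shlex.split(pattern[1:])
    return os.path.basename(argv[0]) if argv else None


def assess(core_pattern, suid_dumpable):
    """Classify exposure from the kernel.core_pattern and fs.suid_dumpable values."""
    handler = piped_handler(core_pattern)
    if handler not in HANDLERS:
        return "not-applicable"  # neither affected handler receives core dumps
    if int(suid_dumpable) == 0:
        return "suid-dumps-disabled"  # kernel does not dump privilege-changing processes
    # 1 or 2: SUID crashes reach the handler, so the vendor fix status matters.
    return "review:" + handler


def read_sysctl(path):
    """Read one sysctl value from procfs."""
    with open(path) as fh:
        return fh.read()


if __name__ == "__main__":
    print(assess(read_sysctl("/proc/sys/kernel/core_pattern"),
                 read_sysctl("/proc/sys/fs/suid_dumpable")))
```

A `review:` result only means the handler sees SUID core dumps; whether the installed package carries the fix has to be confirmed against the distribution's advisory, since distributions may backport fixes without changing the upstream version.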
Read at The Hacker News