Wednesday, June 4, 2025

Linux security flaw gives hackers access to sensitive data

Two new bugs found in Linux systems could let attackers read sensitive information, but only if they already have access to the computer and manage to exploit a tricky timing flaw. 

These issues were discovered by security researchers at Qualys in Linux components called apport and systemd-coredump, which are used to manage crash reports.

The flaws, known as CVE-2025-5054 and CVE-2025-4598, exploit a “race condition,” a narrow timing window that is hard to hit. If an attacker acts quickly enough, they can start a new process that reuses the same process ID as the crashed program, and may then read the crash data that belonged to a more privileged program.

The risk mostly affects Ubuntu and Red Hat Enterprise Linux systems. Canonical’s apport (up to version 2.32.0) and systemd-coredump are the vulnerable components. However, Debian systems are safe by default unless extra software is installed. Similarly, newer Ubuntu versions are also protected.

Red Hat classifies the threat to Red Hat Enterprise Linux systems as “moderate” because of its significant complexity: an attacker must already hold an unprivileged local account and must also win the race condition. “These race conditions allow a local attacker to exploit a SUID program and gain read access to the resulting core dump,” states Saeed Abbasi, Qualys product manager.

For organizations unable to update immediately, Red Hat provides a workaround. Running the command “echo 0 > /proc/sys/fs/suid_dumpable” as the root user disables the system’s ability to generate core dumps for SUID binaries. This kernel setting controls whether SUID programs may produce a core dump after a crash.
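The following shell helper is an added example (not code from Red Hat, Qualys or the article) for auditing and persisting the workaround above. It reads the same kernel knob the article’s echo command writes, reports whether SUID core dumps are disabled, and writes a sysctl.d drop-in so the setting survives a reboot. The file and directory paths are parameters so the functions can be exercised against a constructed file; the drop-in filename 99-disable-suid-coredumps.conf is an assumed name, not one prescribed by any vendor.

```shell
#!/bin/sh
# Audit helper for the fs.suid_dumpable mitigation (added example, not vendor code).

# Report the state of the suid_dumpable knob.
# The path argument defaults to the live /proc entry; a constructed file
# may be passed instead, e.g. for testing on a non-Linux host.
# Prints one word and returns 0 only when the hardened value (0) is set.
suid_dumpable_status() {
    path="${1:-/proc/sys/fs/suid_dumpable}"
    if [ ! -r "$path" ]; then
        echo "unknown"
        return 2
    fi
    value=$(tr -d '[:space:]' < "$path")
    case "$value" in
        0) echo "disabled"; return 0 ;;  # SUID binaries never dump core (Red Hat's workaround)
        1) echo "enabled";  return 1 ;;  # dumps produced as if the binary were not SUID
        2) echo "suidsafe"; return 1 ;;  # dumps only via an absolute core_pattern or a pipe
                                         # handler such as apport/systemd-coredump, which is
                                         # the path the article's crash-handler flaws live in
        *) echo "unknown";  return 2 ;;
    esac
}

# Persist fs.suid_dumpable = 0 via a sysctl.d drop-in (assumed filename).
# The runtime change is the echo shown in the article; this makes it stick.
# The directory argument defaults to /etc/sysctl.d and requires root there.
write_suid_dumpable_dropin() {
    dir="${1:-/etc/sysctl.d}"
    conf="$dir/99-disable-suid-coredumps.conf"
    printf 'fs.suid_dumpable = 0\n' > "$conf"
    echo "$conf"
}

# Usage on a live host (as root):
#   . ./suid_dumpable.sh
#   suid_dumpable_status                 # prints disabled / enabled / suidsafe
#   write_suid_dumpable_dropin && sysctl --system
```

The status check is deliberately read-only and exits non-zero for anything other than the hardened value, so it can be dropped into a configuration-compliance scan; the drop-in writer is the only part that changes system state.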

Qualys also created a test attack that shows how password hash data might be accessed from a crashed process, but experts say the real-world impact is limited.
