New Linux Flaws Allow Password Hash Theft Via Core Dumps In Ubuntu, RHEL, Fedora - Data Intelligence

New Linux Flaws Allow Password Hash Theft Via Core Dumps In Ubuntu, RHEL, Fedora - Data Intelligence

May 31, 2025Ravie LakshmananVulnerability / Linux Two information disclosure flaws have been identified in apport and systemd-coredump, the core dump handlers in Ubuntu, Red Hat Enterprise Linux, and Fedora, according to the Qualys Threat Research Unit (TRU). Tracked as CVE-2025-5054 and CVE-2025-4598, both vulnerabilities are race condition bugs that could enable a local attacker to obtain access to access sensitive information. Tools like A…

Ubuntu's apport affected by core dump vulnerability, here's how to patch

Ubuntu's apport has been discovered to contain a vulnerability that could put your sensitive information at risk. Here's how to patch your system. Read more...

New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora

Qualys discovered two race condition vulnerabilities (CVE-2025-5054 and CVE-2025-4598) that affect the apport and systemd-coredump components in Ubuntu, RHEL, and Fedora. Attackers can exploit these vulnerabilities to read sensitive information such as password hashes. It is recommended to disable the SUID core dump feature to mitigate the risk.