New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora

2025-05-31 10:19

Two information disclosure flaws have been identified in apport and systemd-coredump, the core dump handlers in Ubuntu, Red Hat Enterprise Linux, and Fedora, according to the Qualys Threat Research Unit (TRU). Tracked as CVE-2025-5054 and CVE-2025-4598, both vulnerabilities are race condition bugs that could enable a local attacker to obtain access to access sensitive information. Tools like

News URL

https://thehackernews.com/2025/05/new-linux-flaws-allow-password-hash.html

#linux #rhel #ubuntu #CVE-2025-4598 #CVE-2025-5054

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2025-05-30	CVE-2025-5054	Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a container, was being called before `consistency_checks`, which attempts to detect if the crashing process had been replaced.	0.0
2025-05-30	CVE-2025-4598	A vulnerability was found in systemd-coredump.	0.0

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Linux		11	69	3961	2015	67	6112