- Two information disclosure vulnerabilities were found in the apport and systemd-coredump core dump handlers
- They affect Ubuntu, Fedora and Red Hat
- Patches are available, so users are advised to update
Cybersecurity researchers from Qualys have discovered two information disclosure vulnerabilities that affect several Linux distributions.
The flaws, both of which are race condition bugs, allow threat actors to access sensitive information.
The first is found in Ubuntu's core dump handler, apport, and is tracked as CVE-2025-5054. The other is found in the default core dump handler, systemd-coredump, on Red Hat Enterprise Linux 9 and 10 as well as on Fedora. It is tracked as CVE-2025-4598.
Triggering a crash
Apport is a crash reporting tool in Ubuntu that automatically collects crash data and system information, while systemd-coredump captures and stores core dumps of crashed processes for later troubleshooting and analysis.
As Qualys explained, for apport, Ubuntu 24.04 is vulnerable. Versions up to 2.33.0 are affected, as is any Ubuntu release since 16.04. For systemd-coredump, Fedora 40/41, Red Hat Enterprise Linux 9, and the recently released RHEL 10 are all vulnerable. Debian systems are not vulnerable by default, Qualys added, as they do not ship a core dump handler.
In theory, an attacker could trigger a crash in a privileged process and then quickly replace the crashed process before the core dump handler intervenes.
In this way, the attacker could access core dumps, which could include sensitive information such as passwords.
In addition, because systemd-coredump does not correctly validate the "dumpable" flag of the core, a threat actor could crash root daemons that fork and set their UID to the attacker's own user ID. In this way, they could read sensitive memory from critical processes.
Qualys developed a proof-of-concept (PoC) for both vulnerabilities and said that, to mitigate them, system administrators must ensure that core dumps are stored securely, implement strict PID validation, and enforce restrictions on access to SUID/SGID core files.
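The mitigation advice above boils down to two kernel settings an administrator can verify on any Linux host: `fs.suid_dumpable` (whether processes that changed privileges, such as SUID/SGID binaries, produce a core dump at all) and `kernel.core_pattern` (whether dumps are piped to a userspace handler such as apport or systemd-coredump). The following audit script is an added example written for this article; it is not Qualys's PoC or the commands from the linked advisory. It reads the live values from `/proc/sys`, and the `SYSCTL_ROOT` variable is an assumption introduced here so the checks can run against a constructed directory instead of the real kernel.

```shell
#!/bin/sh
# Added example (not from the article or from Qualys): audit the kernel
# core-dump settings that bound the impact of the handler race described above.
# SYSCTL_ROOT is an assumed knob for testing; on a real host it is /proc/sys.
: "${SYSCTL_ROOT:=/proc/sys}"

# read_sysctl fs/suid_dumpable -> prints the value, or nothing if unreadable.
read_sysctl() {
    f="$SYSCTL_ROOT/$1"
    if [ -r "$f" ]; then cat "$f"; else echo ""; fi
}

# suid_dumpable_ok VALUE -> 0 if privilege-changing processes are never dumped.
#   0 = never dump them; 1 = "debug" (dump as the process's uid);
#   2 = "suidsafe" (dump only via a pipe handler, i.e. exactly the code path
#   in apport / systemd-coredump that the race targets).
suid_dumpable_ok() {
    [ "$1" = "0" ]
}

# core_pattern_uses_handler PATTERN -> 0 if dumps are piped to a userspace
# handler (pattern starts with '|'), 1 if written straight to a file.
core_pattern_uses_handler() {
    case "$1" in
        \|*) return 0 ;;
        *)   return 1 ;;
    esac
}

# audit -> one PASS/FAIL/INFO line per check; returns 0 only if all pass.
audit() {
    status=0
    sd=$(read_sysctl fs/suid_dumpable)
    cp=$(read_sysctl kernel/core_pattern)
    if suid_dumpable_ok "$sd"; then
        echo "PASS fs.suid_dumpable=$sd (cores of privileged processes are not written)"
    else
        echo "FAIL fs.suid_dumpable=${sd:-unset}; run 'sysctl -w fs.suid_dumpable=0' and persist it under /etc/sysctl.d/"
        status=1
    fi
    if core_pattern_uses_handler "$cp"; then
        echo "INFO core dumps are piped to a userspace handler: ${cp%% *}"
        echo "INFO confirm that handler package carries the vendor fix for CVE-2025-5054 / CVE-2025-4598"
    else
        echo "INFO no pipe handler configured; kernel.core_pattern=${cp:-unset}"
    fi
    return $status
}

# When executed as a script, audit the live system.
if [ "${AUDIT_LIVE:-1}" = "1" ]; then
    audit || echo "audit: one or more checks failed"
fi
```

Setting `fs.suid_dumpable=0` does not patch either handler; it removes the privileged core dumps the race would expose, so it is a stop-gap until the apport or systemd-coredump update is installed. Run the script as root after patching and keep `fs.suid_dumpable` at 0 unless a specific debugging need requires otherwise.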
More details on potential mitigations, and which commands to run to secure the infrastructure, can be found at this link.
Via The Hacker News