- Two information disclosure vulnerabilities were found in Apport and the systemd-coredump core-dump handler
- They affect Ubuntu, Fedora and Red Hat
- Mitigations are available, so users are advised to review them
Qualys cybersecurity researchers have discovered two information disclosure vulnerabilities that affect several Linux distributions.
The flaws, both race conditions, allow threat actors to access confidential information.
The first is in Apport, Ubuntu's core-dump handler, and is tracked as CVE-2025-5054. The second is in the default core-dump handler in Red Hat Enterprise Linux 9 and 10, as well as in Fedora. It is tracked as CVE-2025-4598.
Triggering a crash
Apport is an error-reporting tool in Ubuntu that automatically collects crash data and related information, while systemd-coredump captures and stores core dumps of crashed processes for later debugging and analysis.
As Qualys explained, for Apport, Ubuntu 24.04 is vulnerable. Versions up to 2.33.0 are affected, as well as every Ubuntu release since 16.04. For systemd-coredump, Fedora 40/41, Red Hat Enterprise Linux 9 and the recently released RHEL 10 are vulnerable. Debian systems are not vulnerable by default, Qualys added, since they do not include any core-dump handler.
In theory, an attacker could trigger a crash in a privileged process and then quickly replace the crashed process before the core-dump handler steps in.
In this way, the attacker could gain access to the core dump, which could include confidential information such as passwords.
In addition, since systemd-coredump does not correctly validate the kernel's per-process "dumpable" flag, a threat actor could crash root daemons that set their UID to the threat actor's own user ID. That way, they could read sensitive memory from critical processes.
Qualys developed a proof of concept (PoC) for both vulnerabilities and said that, to mitigate them, system administrators must ensure that core dumps are stored securely, implement strict PID validation and restrict access to SUID/SGID core files.
More details about possible mitigations, and the commands to run to secure the infrastructure, are available at this link.
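The strict PID validation mentioned above can be illustrated with a start-time check, shown here as an added example that is not code from Qualys, Apport or systemd. It assumes the handler receives the crash time in whole seconds (the kernel's `%t` core_pattern specifier) and reads `/proc/<pid>/stat`; the function names and the sample line are hypothetical.

```python
# Added example: PID-reuse check for a core-dump handler (hypothetical names).


def parse_stat(stat_line):
    """Return (pid, comm, starttime_ticks) from a /proc/<pid>/stat line.

    comm is chosen by the process and may contain spaces or ')', so the
    line is split on the LAST ')' rather than on whitespace.
    """
    left, sep, right = stat_line.rpartition(")")
    pid_text, paren, comm = left.partition("(")
    fields = right.split()
    if not sep or not paren or len(fields) < 20:
        raise ValueError("malformed stat line")
    # fields[0] is field 3 (state); starttime is field 22, so index 19.
    return int(pid_text), comm, int(fields[19])


def is_crashed_process(crash_pid, crash_epoch, stat_line, btime, clk_tck):
    """True only if stat_line describes a process that predates the crash.

    crash_epoch: dump time in whole seconds, as the kernel passes via %t.
    btime: boot time in epoch seconds (the 'btime' line of /proc/stat).
    Fails closed: a parse error, a PID mismatch or a start in the same
    second as the crash (ambiguous at 1 s resolution) all return False.
    """
    try:
        pid, _comm, start_ticks = parse_stat(stat_line)
    except ValueError:
        return False
    started = btime + start_ticks // clk_tck
    return pid == crash_pid and started < crash_epoch


# Constructed sample: comm is "sleep) x" to exercise the parser.
SAMPLE_STAT = ("4242 (sleep) x) S 1 4242 4242 0 -1 4194560 120 0 0 0 1 2 0 0 "
               "20 0 1 0 987654 8192000 300 18446744073709551615")

if __name__ == "__main__":
    btime = 1_700_000_000  # constructed boot time; clk_tck of 100 assumed
    print(parse_stat(SAMPLE_STAT))
    # Crash recorded after the process started: accept.
    print(is_crashed_process(4242, 1_700_009_900, SAMPLE_STAT, btime, 100))
    # PID now belongs to a process that started after the crash: reject.
    print(is_crashed_process(4242, 1_700_009_870, SAMPLE_STAT, btime, 100))
```

A check like this narrows the window for PID reuse but does not close it, because the process can still change between reading the stat line and reading its other `/proc` entries.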
Via The Hacker News