Widespread Linux password hash theft likely with new bugs

Apport and systemd-coredump, which manage core dumps in Ubuntu, Fedora, and Red Hat Enterprise Linux, have been affected by medium-severity race condition vulnerabilities, which could be exploited to compromise password hashes and other sensitive information from Linux systems, according to The Hacker News.

While the Canonical apport package flaw, tracked as CVE-2025-5054, could be leveraged to facilitate data leaks through PID-reuse, the systemd-coredump bug, tracked as CVE-2025-4598, could be abused to force crash a SUID process that would be replaced with a non-SUID binary to enable data exposure, a Qualys Threat Research Unit report showed. Red Hat has already advised users to execute the "echo 0 > /proc/sys/fs/suid_dumpable" command with root privileges to mitigate CVE-2025-4598. On the other hand, Canonical noted the limited effect of the proof-of-concept exploit for CVE-2025-5054. However, Qualys TRU Product Manager Saeed Abbasi cautioned about the operational disruptions and reputational fallout stemming from possible compromise. "To mitigate these multifaceted risks effectively, enterprises should adopt proactive security measures by prioritizing patches and mitigations, enforcing robust monitoring, and tightening access controls," Abbasi added.