Two critical information disclosure vulnerabilities (CVE-2025-5054 and CVE-2025-4598) have been discovered in Linux core dump handlers—apport (Ubuntu) and systemd-coredump (RHEL, Fedora). These race condition flaws allow local attackers to steal sensitive data, including password hashes, from memory dumps.
You Should Know:
1. Verify if Your System is Vulnerable
Check if `apport` or `systemd-coredump` is active:
```bash
# For Ubuntu (apport)
systemctl status apport

# For RHEL/Fedora (systemd-coredump is socket-activated, so query the socket unit)
systemctl status systemd-coredump.socket
```
2. Disable Core Dumps Temporarily
Prevent unauthorized memory dumps:
```bash
# Disable core dumps system-wide
echo "kernel.core_pattern=|/bin/false" | sudo tee /etc/sysctl.d/99-disable-coredumps.conf
sudo sysctl -p /etc/sysctl.d/99-disable-coredumps.conf

# For per-user limits (applies to the current shell and its children)
ulimit -c 0
```
3. Apply Vendor Patches
Update immediately if patches are available:
```bash
# Ubuntu/Debian
sudo apt update && sudo apt upgrade

# RHEL/CentOS
sudo yum update

# Fedora
sudo dnf upgrade
```
4. Monitor for Unauthorized Core Dumps
Check for unexpected core dump files:
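```bash
# Match files named core.* or *.core; the wildcards are quoted so find expands them, not the shell
find / -type f \( -name "core.*" -o -name "*.core" \) 2>/dev/null
```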
5. Restrict Access to `/proc` Filesystem
Prevent unauthorized memory reads:
```bash
# Requires root; lasts until the next reboot or remount
sudo mount -o remount,hidepid=2 /proc
```
6. Enable Kernel Hardening
Add these kernel parameters in `/etc/sysctl.conf`:
```
kernel.dmesg_restrict=1
kernel.kptr_restrict=2
```
7. Use SELinux/AppArmor to Restrict Core Dump Handlers
```bash
# For SELinux (RHEL/Fedora)
sudo setenforce 1

# For AppArmor (Ubuntu): put every profile in the directory into enforce mode
sudo aa-enforce /etc/apparmor.d/*
```
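To confirm that steps 2 and 6 actually took effect, the settings can be read back and checked. The script below is an added example, not part of the original post: the function names and sample values are constructed, and `fs.suid_dumpable` is a real sysctl that the post does not list.

```sh
#!/bin/sh
# Added example: audit sysctl "key = value" lines for core-dump exposure.

# Name the handler that a kernel.core_pattern value selects.
classify_handler() {
    case "$1" in
        "|/bin/false"*)        echo disabled ;;
        "|"*apport*)           echo apport ;;
        "|"*systemd-coredump*) echo systemd-coredump ;;
        "|"*)                  echo other-pipe ;;
        *)                     echo file ;;
    esac
}

# Read sysctl output on stdin; print one line per setting that is not hardened.
audit_coredump() {
    while IFS= read -r line; do
        key=${line%%=*}; key=${key% }   # text before the first "=", trailing space removed
        val=${line#*=};  val=${val# }   # text after the first "=", leading space removed
        case "$key" in
            kernel.core_pattern)
                h=$(classify_handler "$val")
                [ "$h" = disabled ] || echo "core_pattern: dumps go to $h" ;;
            kernel.dmesg_restrict)
                [ "$val" = 1 ] || echo "dmesg_restrict: $val (step 6 sets 1)" ;;
            kernel.kptr_restrict)
                [ "$val" = 2 ] || echo "kptr_restrict: $val (step 6 sets 2)" ;;
            fs.suid_dumpable)   # not in the post: 0 stops setuid programs dumping core
                [ "$val" = 0 ] || echo "suid_dumpable: $val (setuid programs can dump core)" ;;
        esac
    done
}

# Constructed sample: an Ubuntu-like host with apport active.
SAMPLE='kernel.core_pattern = |/usr/share/apport/apport -p%p -s%s -c%c -d%d -P%P -u%u -g%g -- %E
kernel.dmesg_restrict = 1
kernel.kptr_restrict = 1
fs.suid_dumpable = 2'

printf '%s\n' "$SAMPLE" | audit_coredump
# Live system:
# sysctl kernel.core_pattern kernel.dmesg_restrict kernel.kptr_restrict fs.suid_dumpable | audit_coredump
```

An empty result means every checked setting matches the hardened value.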
What Undercode Say
These vulnerabilities highlight the risks of improper memory handling in Linux. Attackers can exploit race conditions in core dump mechanisms to extract sensitive data. System administrators must:
– Disable unnecessary core dumps.
– Apply strict filesystem permissions.
– Use mandatory access controls (SELinux/AppArmor).
– Monitor `/var/log/syslog` or `journalctl` for suspicious activity.
Expected Output:
```
● apport.service - LSB: automatic crash report generation
   Loaded: loaded (/etc/init.d/apport; generated)
   Active: active (running)

● systemd-coredump.service - Systemd Core Dumper
   Loaded: loaded (/usr/lib/systemd/system/systemd-coredump.service; enabled)
```
Prediction
As Linux remains a prime target, expect more exploits targeting memory handling. Future patches may enforce stricter core dump permissions by default.
Reported By: Activity 7335014760024887297 – Hackers Feeds