June 2, 2025
Severity
Medium
Analysis Summary
Two critical local information-disclosure vulnerabilities, CVE-2025-5054 and CVE-2025-4598, have been disclosed by the Research Unit, affecting millions of Linux systems worldwide. Both stem from race conditions in core dump handlers that allow local attackers to manipulate SUID (Set User ID) programs and gain unauthorized access to sensitive memory snapshots, commonly known as core dumps. Specifically, CVE-2025-5054 affects Ubuntu’s Apport crash-reporting system, while CVE-2025-4598 affects systemd-coredump, the default handler in Red Hat Enterprise Linux (RHEL) 9 and 10 and Fedora 40/41. Core dumps can contain highly sensitive information, including password hashes, encryption keys, and customer data.
Despite built-in security measures such as restricting access to root users and storing core dumps in protected locations, the vulnerabilities bypass these controls by exploiting race conditions during the crash-reporting process. Researchers demonstrated proof-of-concept exploits, notably against the unix_chkpwd process, a password verification helper commonly installed across Linux systems, to extract password hashes. Such attacks can lead to privilege escalation and lateral movement, significantly raising the security stakes for affected systems.
The vulnerabilities have wide-ranging implications. All Ubuntu versions from 16.04 through 24.04 are affected via Apport versions up to 2.33.0. Meanwhile, RHEL 9 and 10 and Fedora systems remain vulnerable through systemd-coredump. In contrast, Debian systems are largely unaffected by default, as they do not include core dump handlers unless manually installed. Beyond the immediate data exposure, the flaws introduce risks of operational downtime, reputational damage, and regulatory non-compliance for organizations relying on vulnerable Linux infrastructure.
To mitigate the threat, security experts recommend setting the /proc/sys/fs/suid_dumpable parameter to 0, effectively disabling core dumps for SUID programs. While this may hinder certain debugging operations, it serves as a critical temporary fix until official patches are deployed. Researchers have released mitigation scripts to help organizations address the flaws quickly, though they advise careful testing due to potential operational side effects. This discovery highlights the urgent need for proactive vulnerability management, emphasizing that temporary mitigations must be paired with timely system updates and patching strategies to maintain a secure Linux environment.
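As an added example (not part of this advisory), the following POSIX shell script audits the fs.suid_dumpable setting described above, identifies which core dump handler kernel.core_pattern points at, and applies the temporary mitigation persistently. The file paths are parameterised so the checks can be exercised against constructed files, and the sysctl drop-in file name is an assumption.

```shell
#!/bin/sh
# Added example: audit and mitigate SUID core dumps (fs.suid_dumpable).
# Paths default to the live kernel interfaces but can be overridden so the
# checks can be run against constructed files without root.

# Returns 0 if suid_dumpable is 0 (core dumps of SUID programs disabled),
# 1 if it is any other value, 2 if the file cannot be read.
suid_dumpable_ok() {
    f="${1:-/proc/sys/fs/suid_dumpable}"
    [ -r "$f" ] || return 2
    v=$(tr -d '[:space:]' < "$f")
    [ "$v" = "0" ]
}

# Prints which handler kernel.core_pattern hands crashes to:
# "apport", "systemd-coredump", "pipe:<other program>" or "file"
# (a plain file pattern, i.e. no piped handler at all).
core_handler() {
    f="${1:-/proc/sys/kernel/core_pattern}"
    pat=$(cat "$f" 2>/dev/null) || { echo unknown; return; }
    case "$pat" in
        '|'*apport*)           echo apport ;;
        '|'*systemd-coredump*) echo systemd-coredump ;;
        '|'*)                  echo "pipe:${pat#?}" ;;
        *)                     echo file ;;
    esac
}

# Temporary mitigation from the advisory (requires root): set the live
# value and persist it through a sysctl drop-in (file name is an assumption).
apply_mitigation() {
    sysctl -w fs.suid_dumpable=0 &&
    printf 'fs.suid_dumpable = 0\n' > /etc/sysctl.d/99-suid-dumpable.conf
}

# Human-readable summary for the current host.
audit() {
    if suid_dumpable_ok; then
        echo "OK: fs.suid_dumpable=0 (handler: $(core_handler))"
    else
        echo "WARN: SUID core dumps enabled (handler: $(core_handler));" \
             "run apply_mitigation as root"
    fi
}

if [ "${1:-}" = "audit" ]; then audit; fi
```

Run it as `sh suid_dumpable_audit.sh audit` on each host; the mitigation is only a stop-gap until patched Apport and systemd-coredump packages are installed.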
Impact
- Information Disclosure
- Sensitive Data Theft
- Unauthorized Access
- Privilege Escalation
Indicators of Compromise
CVE
CVE-2025-5054
CVE-2025-4598
Affected Vendors
Remediation
- Upgrade to the latest version.
- Regularly update Apport and systemd-coredump to patched versions.
- The researchers have released mitigation scripts to help reduce risk.
- Carefully test to avoid disruptions to operational systems.
- Ensure only root or authorized users have access to crash dumps.
- Review current permissions and disable unnecessary debugging.
- Remove or disable Apport or systemd-coredump if not required.
- Reduce the attack surface on production machines.
- Inform system administrators and DevOps teams about the vulnerabilities.
- Include remediation steps in your organization’s incident response playbook.