Password Hashes Leaked via Linux Crash Handlers: The Truth Behind CVE-2025-5054 & 4598

In this episode, we unpack two newly disclosed Linux vulnerabilities—CVE-2025-5054 and CVE-2025-4598—discovered by the Qualys Threat Research Unit (TRU). These race condition flaws impact Ubuntu’s apport and Red Hat/Fedora’s systemd-coredump, exposing a little-known but critical attack vector: core dumps from crashed SUID programs.We dive into how these TOCTOU (Time-of-Check to Time-of-Use) race conditions let local attackers manipulate system timing to trick crash handlers into leaking sensitive data. While the CVSS score is a moderate 4.7, the implications are serious—core dumps can contain password hashes, encryption keys, or proprietary data from privileged processes.Join us as we discuss how the vulnerabilities work, which Linux distributions are affected, and how administrators can apply patches or disable SUID core dumps as a temporary fix. We also explore what this means for system hardening, local threat models, and the often-overlooked risk posed by debugging and crash-reporting tools.

There are no comments yet.

Please log in to write the first comment.