Critical Information Disclosure Vulnerabilities Detected in Apport and Systemd-coredump

• Two race-condition vulnerabilities are affecting the core crash-handling networks.
• Ubuntu’s core-dump handler and the default handler in Red Hat Enterprise Linux and Fedora are affected.
• Local attackers may gain unauthorized access to sensitive data captured in core dumps by exploiting SUID processes.

New race-condition vulnerabilities in Apport, Ubuntu’s core-dump handler, and systemd-coredump, the default handler in Red Hat Enterprise Linux 9 and 10, along with Fedora, were identified. 

Security teams across the Linux ecosystem are on high alert following the disclosure of two significant local information-disclosure vulnerabilities affecting core crash-handling frameworks, which were detailed in a recent Qualys Threat Research Unit (TRU) security report. 

These flaws allow local attackers to gain unauthorized access to sensitive data captured in core dumps by exploiting SUID processes.

Apport and systemd-coredump are essential for Linux crash reporting, generating core dump files each time an application fails. Core dumps often contain sensitive memory data, including credentials and encryption keys, which are typically restricted to root access. 

However, these newly discovered race conditions can be exploited to extract password hashes and other confidential information, posing a material risk to organizations with affected systems.

Proofs of concept developed by Qualys TRU show that a malicious user can leverage these vulnerabilities to read the memory of SUID binaries, potentially retrieving hashed passwords from /etc/shadow. 

This attack vector significantly elevates the risk of privilege escalation and lateral movement within enterprise networks.

Apport vulnerabilities (CVE-2025-5054) impact Ubuntu releases from 16.04 up to and including the latest 24.04 version, affecting all Apport versions up to 2.33.0.

Systemd-coredump vulnerabilities (CVE-2025-4598) affect Fedora 40/41 as well as Red Hat Enterprise Linux versions 9 and 10. Debian installations are not vulnerable by default unless systemd-coredump is manually enabled.

Given the sensitivity of core dump data, attackers exploiting these flaws may cause severe confidentiality breaches, regulatory non-compliance, and operational disruption.