Post

Critical Linux Vulnerabilities Enable Password Hash Theft in Ubuntu, RHEL, and Fedora

Posted
By Tom Grant
1 min read
Critical Linux Vulnerabilities Enable Password Hash Theft in Ubuntu, RHEL, and Fedora

TL;DR

  • Two significant information disclosure flaws, CVE-2025-5054 and CVE-2025-4598, have been identified in apport and systemd-coredump, affecting Ubuntu, Red Hat Enterprise Linux (RHEL), and Fedora.
  • These vulnerabilities could allow local attackers to access sensitive information, including password hashes.
  • The flaws stem from race condition bugs in the core dump handlers of these systems.

Main Content

The Qualys Threat Research Unit (TRU) has uncovered two critical information disclosure vulnerabilities in apport and systemd-coredump, the core dump handlers used in Ubuntu, Red Hat Enterprise Linux (RHEL), and Fedora. These vulnerabilities, tracked as CVE-2025-5054 and CVE-2025-4598, are race condition bugs that could enable local attackers to obtain access to sensitive information, including password hashes1.

Impact and Severity

The vulnerabilities pose a significant threat to system security. By exploiting these flaws, attackers could:

  • Access sensitive information stored in core dumps.
  • Obtain password hashes, which could be used for further attacks.
  • Compromise system integrity by gaining unauthorized access to critical data.

Affected Systems

The identified vulnerabilities impact the following Linux distributions:

  • Ubuntu
  • Red Hat Enterprise Linux (RHEL)
  • Fedora

These distributions rely on apport and systemd-coredump for handling core dumps, making them susceptible to these race condition bugs.

Technical Details

CVE-2025-5054 and CVE-2025-4598 are race condition vulnerabilities. These occur when the timing and order of events in a system lead to unexpected and potentially harmful behavior. In this case, the race condition allows an attacker to interfere with the core dump process, leading to unauthorized access to sensitive information.

Mitigation and Patching

To mitigate these vulnerabilities, it is recommended to:

  • Apply the latest security patches provided by the respective Linux distribution vendors.
  • Monitor system logs for any suspicious activity related to core dumps.
  • Implement strict access controls to limit potential attack vectors.

For more detailed information and updates on patches, visit the official source.

Conclusion

The discovery of these vulnerabilities underscores the importance of regular security updates and vigilant monitoring. Organizations and individuals using the affected Linux distributions should take immediate action to patch their systems and protect against potential attacks.

References

  1. The Hacker News (2025-05-31). “New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora”. The Hacker News. Retrieved 2025-05-31. ↩︎

Cybersecurity & Data Protection, Vulnerabilities
cybersecurity linux vulnerabilities password hash theft
This post is licensed under CC BY 4.0 by the author.