Linux Passwords Warning — 2 Critical Vulnerabilities, Millions At Risk
Beware this Linux password vulnerability.
Although most critical security warnings that hit the headlines impact users of Microsoft's Windows operating systems, and occasionally Apple's iOS and macOS, critical Linux security vulnerabilities are a much rarer occurrence. As news of not one, but two, such Linux vulnerabilities breaks, millions of users are advised that their passwords and encryption keys could be at risk of compromise. Here's what you need to know and do.
When security experts from a renowned threat research unit discover not one, but two, critical local information disclosure vulnerabilities impacting millions of Linux users, it would be an understatement to say that this is a cause for concern. When those same security researchers develop proof of concepts for both vulnerabilities, across a handful of Linux operating systems, the concern level goes through the roof.
The vulnerabilities, impacting the Ubuntu core-dump handler known as Apport, and the systemd-coredump handler used by Red Hat Enterprise Linux 9 and 10 and by Fedora, are both of the race-condition variety. Put simply, this is where event timing can cause errors or behaviours that are unexpected at best, critically dangerous at worst. The vulnerabilities uncovered by the Qualys threat research unit fall into the latter category.
Exploiting CVE-2025-5054 and CVE-2025-4598 could, according to Saeed Abbasi, a manager with the Qualys TRU, 'allow a local attacker to exploit a Set-User-ID program and gain read access to the resulting core dump.' Because both impacted tools are designed to deal with crash reporting, they are well-known targets for attackers looking to exploit vulnerabilities to access the data contained within those core dumps. Abbasi conceded that there are plenty of modern mitigations against such risk, including systems that direct core dumps to secure locations, but warned that 'systems running outdated or unpatched versions remain prime targets' for the newly disclosed vulnerabilities.
Abbasi went on to warn that the successful exploitation of these Linux vulnerabilities could lead to the extraction of 'sensitive data, like passwords, encryption keys, or customer information from core dumps.' All users are urged to mitigate that risk by prioritizing patching and increasing access controls. Abbasi said that when it comes to the Apport vulnerability, Ubuntu 24.04 is affected, including all versions of Apport up to 2.33.0 and every Ubuntu release since 16.04. For the systemd-coredump vulnerability, meanwhile, Abbasi warned that Fedora 40/41, Red Hat Enterprise Linux 9, and the recently released RHEL 10 are vulnerable.
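The mitigations the article mentions, directing core dumps to secure locations and tightening access controls, map onto two kernel settings an administrator can check directly: fs.suid_dumpable (whether a set-user-ID process may dump core at all, and under whose ownership) and kernel.core_pattern (where a dump goes, typically a pipe into Apport or systemd-coredump on the distributions named above). The following audit script is an added example and is not code from the article, from Qualys, or from either project; the classification wording and the function names are my own, and the script reads live values only where a Linux /proc/sys exists.

```shell
#!/bin/sh
# Added example: audit a Linux host's core-dump settings relevant to the
# SUID core-dump exposure described in the article.
#
#   fs.suid_dumpable     0 = set-user-ID processes never dump core (hardened)
#                        1 = dump owned by the process's real user (risky)
#                        2 = dump allowed, readable by root only, and only via an
#                            absolute path or a "|handler" pipe; the handler itself
#                            must still be patched
#   kernel.core_pattern  destination of dumps: a "|/path/to/handler ..." pipe,
#                        an absolute file pattern, or a relative pattern
#
# The classify_* functions take the value as an argument so they can be
# exercised on constructed input without root and without a Linux /proc.

classify_suid_dumpable() {
    case "$1" in
        0) echo "hardened: SUID processes produce no core dump" ;;
        1) echo "RISKY: SUID core dumps are written as the real user" ;;
        2) echo "partial: SUID dumps allowed, root-only readable; the handler must be patched" ;;
        *) echo "unknown value: $1" ;;
    esac
}

# True (exit 0) only for the hardened setting.
suid_dumpable_is_hardened() {
    [ "$1" = "0" ]
}

classify_core_pattern() {
    case "$1" in
        "|"*) echo "piped to handler: ${1#"|"} (handler decides who can read dumps)" ;;
        /*)   echo "absolute file pattern: $1 (check directory permissions)" ;;
        *)    echo "RISKY: relative pattern '$1' drops core files in the crashing process's cwd" ;;
    esac
}

# Live audit: prints an assessment and returns 1 when fs.suid_dumpable is not 0.
# Returns 0 without complaint where /proc/sys is absent (non-Linux hosts).
audit_live() {
    if [ ! -r /proc/sys/fs/suid_dumpable ]; then
        echo "no /proc/sys/fs/suid_dumpable on this host; skipping live audit"
        return 0
    fi
    sd=$(cat /proc/sys/fs/suid_dumpable)
    cp=$(cat /proc/sys/kernel/core_pattern 2>/dev/null || echo "core")
    echo "fs.suid_dumpable=$sd -> $(classify_suid_dumpable "$sd")"
    echo "kernel.core_pattern=$cp -> $(classify_core_pattern "$cp")"
    if suid_dumpable_is_hardened "$sd"; then
        return 0
    fi
    echo "Hardening (as root): sysctl -w fs.suid_dumpable=0"
    echo "Persist it:          echo 'fs.suid_dumpable=0' > /etc/sysctl.d/10-suid-dumpable.conf"
    return 1
}

# Usage: sh coredump-audit.sh
audit_live || echo "RESULT: host is not hardened against SUID core-dump exposure"
```

Setting fs.suid_dumpable to 0 stops set-user-ID processes from producing the core dump in the first place, which is the only one of the three values that removes the exposed artefact rather than relying on the handler; the trade-off is that crashes in SUID programs leave no dump to debug, so pair it with patching Apport or systemd-coredump rather than treating it as a substitute.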
I have reached out to Canonical and Red Hat for a statement regarding the Linux password exposure threats.