Critical Linux Vulnerabilities Expose Password Hashes via Core Dumps in Ubuntu, RHEL, and Fedora

Two severe information disclosure vulnerabilities have been uncovered in the core dump handlers of widely used Linux distributions, including Ubuntu, Red Hat Enterprise Linux (RHEL), and Fedora. Discovered by the Qualys Threat Research Unit (TRU), these flaws, tracked as CVE-2025-5054 and CVE-2025-4598, exploit race condition bugs in the apport and systemd-coredump systems. These vulnerabilities could allow local attackers to access sensitive information, including password hashes stored in the /etc/shadow file. Core dumps are files that capture the memory state of a program when it crashes unexpectedly. While these files are useful for debugging, they can also expose sensitive data if not properly secured. In this case, the vulnerabilities could enable an unprivileged attacker to generate core dumps that include password hashes, potentially leading to unauthorized access and privilege escalation. The race condition bugs occur when the core dump handlers fail to properly manage access permissions during the dump process. This oversight can allow an attacker to intercept and extract sensitive data before it is properly protected. The vulnerabilities are particularly concerning because they affect core components of the operating system, which are typically trusted to handle sensitive information securely. Qualys has issued warnings about these flaws, emphasizing the need for immediate patching. System administrators are advised to update their systems to the latest versions that include fixes for these vulnerabilities. Additionally, users should consider disabling core dumps in environments where they are not essential for debugging purposes. The /etc/shadow file, which stores password hashes, is a critical component of Linux security. Access to this file can allow attackers to launch offline brute-force attacks, potentially compromising user accounts and gaining unauthorized access to the system. To mitigate these risks, organizations should enforce strong password policies, use modern hashing algorithms, and regularly audit their systems for vulnerabilities. Linux distributions such as Ubuntu, RHEL, and Fedora are widely used in both enterprise and personal environments, making these vulnerabilities a significant concern. The discovery of these flaws highlights the importance of continuous security monitoring and prompt response to newly identified threats. Users should stay informed about security updates and apply them as soon as they become available to protect their systems from potential exploits. In summary, the recent discovery of CVE-2025-5054 and CVE-2025-4598 in Linux core dump handlers underscores the ongoing challenges in securing sensitive data in complex operating systems. By understanding these vulnerabilities and taking proactive steps to mitigate them, system administrators can enhance the security of their Linux environments and protect against potential attacks.