New Linux Vulnerabilities

Security Update News

Update Information

Title: New Linux Vulnerabilities
Update ID: SCHNEIER:AE3D9ED06F9F976DC2597EAD777134A7
Type: schneier
Published: 2025-06-03T11:07:32
Last Updated: 2025-06-03T02:52:16

Security Impact

CVSS Score: 4.7
Severity: MEDIUM
Attack Vector: LOCAL

Affected CVEs

  • CVE-2025-4598
  • CVE-2025-5054

Update Details

They’re interesting:

> Tracked as CVE-2025-5054 and CVE-2025-4598, both vulnerabilities are race condition bugs that could enable a local attacker to obtain access to sensitive information. Tools like Apport and systemd-coredump are designed to handle crash reporting and core dumps in Linux systems.
>
> […]
>
> “This means that if a local attacker manages to induce a crash in a privileged process and quickly replaces it with another one with the same process ID that resides inside a mount and pid namespace, apport will attempt to forward the core dump (which might contain sensitive information belonging to the original, privileged process) into the namespace.”

Moderate severity, but definitely worth fixing.

Slashdot thread.
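
The race in the quoted passage depends on a PID being treated as a stable identity. As an added illustration (not part of the original post, and not Apport's or systemd-coredump's code), this sketch pins a process to its PID plus the kernel start time from `/proc/<pid>/stat`, so that a recycled PID is detected; the stat lines, names and values are constructed sample data.

```python
from typing import NamedTuple


class ProcIdentity(NamedTuple):
    pid: int
    comm: str
    starttime: int  # field 22 of /proc/<pid>/stat, in clock ticks since boot


def parse_stat(line: str) -> ProcIdentity:
    """Parse one /proc/<pid>/stat line.

    comm (field 2) is chosen by the process itself and may contain spaces
    and parentheses, so split on the LAST ')' instead of on whitespace.
    """
    open_paren = line.index("(")
    close_paren = line.rindex(")")
    rest = line[close_paren + 1:].split()  # rest[0] is field 3 (state)
    pid, comm = int(line[:open_paren]), line[open_paren + 1:close_paren]
    return ProcIdentity(pid, comm, int(rest[22 - 3]))


def same_process(recorded: ProcIdentity, stat_line_now: str) -> bool:
    """True only if the PID still names the process recorded earlier.

    starttime has clock-tick granularity: a mismatch means the PID was
    reused, while a match is strong evidence rather than proof.
    """
    now = parse_stat(stat_line_now)
    return (now.pid, now.starttime) == (recorded.pid, recorded.starttime)


def make_stat(pid: int, comm: str, starttime: int) -> str:
    """Build a constructed 52-field stat line; unused fields are zero."""
    tail = ["S"] + ["0"] * 49  # fields 3..52
    tail[22 - 3] = str(starttime)
    return f"{pid} ({comm}) " + " ".join(tail)


# Constructed sample data: a privileged process, then an unrelated process
# that received the same PID after the first one exited.
CRASHED = make_stat(4242, "priv-helper", 1_000_500)
REPLACEMENT = make_stat(4242, "x) S 1 1 1", 1_000_977)  # misleading comm

if __name__ == "__main__":
    ident = parse_stat(CRASHED)
    print("unchanged PID owner:", same_process(ident, CRASHED))
    print("after PID reuse    :", same_process(ident, REPLACEMENT))
```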
