Cyber Defense Advisors

New Linux Vulnerabilities

They’re interesting:

Tracked as CVE-2025-5054 and CVE-2025-4598, both vulnerabilities are race condition bugs that could enable a local attacker to obtain access to access sensitive information. Tools like Apport and systemd-coredump are designed to handle crash reporting and core dumps in Linux systems.

[…]

“This means that if a local attacker manages to induce a crash in a privileged process and quickly replaces it with another one with the same process ID that resides inside a mount and pid namespace, apport will attempt to forward the core dump (which might contain sensitive information belonging to the original, privileged process) into the namespace.”

Moderate severity, but definitely worth fixing.

Slashdot thread.

 

Related Post

Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543

Citrix has released security updates to address a critical flaw affecting NetScaler ADC that it said has been exploited in

Cyber News

Citrix Bleed 2 Flaw Enables Token Theft; SAP

Cybersecurity researchers have detailed two now-patched security flaws in SAP Graphical User Interface (GUI) for Windows and Java that, if

Cyber News

What LLMs Know About Their Users

Simon Willison talks about ChatGPT’s new memory dossier feature. In his explanation, he illustrates how much the LLM—and the company—knows

Cyber News

Pro-Iranian Hacktivist Group Leaks Personal Records from the

Thousands of personal records allegedly linked to athletes and visitors of the Saudi Games have been published online by a

Cyber News