Cyber Defense Advisors

New Linux Vulnerabilities

They’re interesting:

Tracked as CVE-2025-5054 and CVE-2025-4598, both vulnerabilities are race condition bugs that could enable a local attacker to obtain access to access sensitive information. Tools like Apport and systemd-coredump are designed to handle crash reporting and core dumps in Linux systems.

[…]

“This means that if a local attacker manages to induce a crash in a privileged process and quickly replaces it with another one with the same process ID that resides inside a mount and pid namespace, apport will attempt to forward the core dump (which might contain sensitive information belonging to the original, privileged process) into the namespace.”

Moderate severity, but definitely worth fixing.

Slashdot thread.

Tags: , ,

Sidebar photo of Bruce Schneier by Joe MacInnis.

 

Related Post

Critical Cisco ISE Auth Bypass Flaw Impacts Cloud

Cisco has released security patches to address a critical security flaw impacting the Identity Services Engine (ISE) that, if successfully

Cyber News

Google Exposes Vishing Group UNC6040 Targeting Salesforce with

Google has disclosed details of a financially motivated threat cluster that it said “specializes” in voice phishing (aka vishing) campaigns

Cyber News

Chaos RAT Malware Targets Windows and Linux via

Threat hunters are calling attention to a new variant of a remote access trojan (RAT) called Chaos RAT that has

Cyber News

Your SaaS Data Isn’t Safe: Why Traditional DLP

Traditional data leakage prevention (DLP) tools aren’t keeping pace with the realities of how modern businesses use SaaS applications. Companies

Cyber News

Leave feedback about this

  • Quality
  • Price
  • Service
Choose Image