des failles récentes dans linux facilitent le vol de mots de passe via les dumps de noyau sur ubuntu, rhel et fedora

Recent Linux vulnerabilities make it easier to steal passwords via kernel dumps on Ubuntu, RHEL, and Fedora

by

Critical Vulnerabilities in Linux in 2025: The Door Open to Password Theft via Kernel Dumps

Linux systems, long praised for their stability and security, are discovering significant flaws in 2025 that could compromise the confidentiality of sensitive data. Ubuntu, RHEL, and Fedora, three major distributions, are now at the center of vulnerabilities that facilitate password extraction via kernel dumps. These discoveries by cybersecurity experts highlight the need for increased vigilance and appropriate measures to mitigate risks. In a context where targeted attacks are increasing, these flaws risk being a game-changer for the security of open source operating systems. Vulnerabilities in the dump manager and kernel dumps: a threat to system integrity

Vulnerabilities in the dump manager and kernel dumps: a threat to system integrity

The two main vulnerabilities identified concern flaws in the crash dump manager, notably apport and systemd-coredump, present in several Linux distributions including Ubuntu, Red Hat, and Fedora. These flaws, referenced as CVE-2025-5054 and CVE-2025-4598, exploit race conditions that allow a local attacker to manipulate memory and access sensitive data stored in kernel dumps. The severity of these bugs lies in their ability to disclose hashed passwords or other confidential information contained in /etc/shadow.

Here are the key points to know about these vulnerabilities:

CVE-2025-5054: Allows memory leak via PID reuse in the apport manager. CVE-2025-4598: Allows a SUID process to be replaced with an unprivileged binary, exposing data in the core dump.

  • Both vulnerabilities exploit isolation mechanisms such as namespaces to hide or hijack the targeted process. The severity level is considered moderate by Red Hat, given the technical difficulty of exploitation and the requirement for privileged local access.
  • The affected modules (apport and systemd-coredump) must be configured and monitored to limit their potential impact. These vulnerabilities raise fundamental questions about how Linux manages memory during crashes and the impact of dump logs on overall security. Their mere presence in these known critical components highlights an urgent need to strengthen the security layer at the kernel level and associated utilities.
  • https://www.youtube.com/watch?v=59dQ-5sjDLc
  • How these vulnerabilities facilitate password theft: mechanisms and specific risks
  • The identified vulnerabilities allow hackers to hijack the dump stream to access passwords or other sensitive data. The process often begins with a local attack exploiting the race condition, then uses techniques to read the contents of kernel dumps, which often contain data in the memory of privileged processes.

Specifically, an intruder can cause a SUID process to crash and then manipulate the dump to extract valuable information such as:

Password hashes stored in /etc/shadow.

Encryption keys in memory.

User session or login details.

Once retrieved, this data becomes an immediate threat to system security, allowing attackers to attempt replay or melee attacks. Sending these dumps to compromised servers or simply reading them locally is enough to compromise the confidentiality of user accounts, particularly on critical systems like RHEL and Fedora in enterprise environments.

  • The vulnerabilities clearly illustrate a paradox: while Linux has always been designed for robust security, certain components like systemd-coredump or apport must now be strengthened to prevent low-level access from becoming a backdoor.
  • Recommended Measures to Limit the Impact of Kernel Dump Vulnerabilities in 2025
  • Recommended Measures to Limit the Impact of Kernel Dump Vulnerabilities in 2025

To address these threats, various mitigation strategies have been proposed by vendors and security experts. The first step is to quickly apply available patches or implement temporary measures to limit information leakage. These include:

Disable core dump generation for SUID processes

by modifying the configuration using the command:

/proc/sys/fs/suid_dumpable”>

.

  1. This operation prevents the automatic creation of dumps in the event of a privileged program crash. Update crash handlers 
    such as apport and systemd-coredump as soon as corrected versions are available.

    Strengthen memory segmentation
    and limit data disclosure during crashes by configuring kernel parameters.

  2. Use advanced monitoring tools to detect any suspicious activity or manipulation of privileged processes.
  3. Regularly audit the system to identify any abnormal use or attempted exploitation, particularly through dump analysis.
  4. It is also advisable to strengthen access controls, particularly for critical systems running Ubuntu or RHEL. Administrator awareness and training in Linux vulnerability management also play a vital role. The open source community is constantly working to close these vulnerabilities, and the best defense remains proactive vigilance coupled with a rigorous update policy. Security Challenges in a Context of Rapidly Evolving Linux Vulnerabilities
  5. With the proliferation of vulnerabilities like those discovered in 2025, the security of traditional Linux distributions is under more pressure than ever. Ubuntu, RHEL, Fedora, but also others like Debian, Arch Linux, and SUSE, must evolve rapidly to keep pace with threats. Some major challenges face the open source community and user companies:

Maintaining a balance between stability, compatibility, and security in production environments.

Ensuring that crash management modules and dump logs are secure against exploitation. Quickly identify critical vulnerabilities to deploy emergency patches.

Train administration teams to manage incidents related to new vulnerabilities.

Adapt security strategies to address the growing sophistication of cyberattacks, particularly those targeting kernel and dump components.

  • Recent incidents, particularly those affecting Red Hat and Fedora, also demonstrate that flaws in dump management can have direct consequences for regulatory compliance and the reputation of organizations. Implementing rapid response protocols, classifying vulnerabilities, and prioritizing patches are becoming crucial to limit the window of exposure.
  • https://www.youtube.com/watch?v=CV-ty5dAmQA
  • Comparing Linux Distributions and the Risks of Password Dumping
  • Comparing Linux Distributions and the Risks of Password Dumping
  • A comparative analysis highlights each distribution’s different response to these vulnerabilities. The following table summarizes their mitigation strategies and weaknesses:

Distribution

Dump Management

Available Patches

Security Configuration

Potential Impact

Ubuntu Default configuration with risk if not updated Version 25.10 and later, patches in progress Disablement options available via sysctl Possible leak if not patched
RHEL Strengthened controls via dump modeling Patches prioritized in regular updates /proc/sys/fs/suid_dumpable parameter set to zero Significant risk reduction, but residual vulnerabilities
Fedora Strengthened auditing and fine-grained dump permission management Rapid patch distribution, active development Recommended configuration to disable dumps for SUID Limited impact if best practices are followed
It therefore seems clear that responsiveness and the ability to quickly apply patches play a decisive role in the security of Linux systems against these new threats. Fedora’s community-driven approach or RHEL’s stability offer complementary avenues for reducing the attack surface.