
New Linux vulnerabilities allow access to critical data
Two new vulnerabilities in the core dump handlers for Ubuntu, RHEL, and Fedora allow access to critical data, according to The Hacker News. The problem is that a local user can force those handlers into a race condition by crashing an SUID[1] process. That allows a cracker access to critical information such as the password hash table, /etc/passwd.
The good news
The good news is that this vulnerability does require that the cracker have physical access to the target computer. That in itself can reduce the likelihood of attack on many systems.
The other mitigating factor is that the attacker must be skilled and the timing of the steps allows only a tiny window for attack.
The circumvention
Regardless of the small probability of a successful attack, it behooves us as SysAdmins to do our best to circumvent the issue until a fix can be released. Fortunately, the Hacker News article contains an excellent circumvention. It’s only necessary to turn off the core dump function for SUID programs.
This can be accomplished directly on the command line using this command as root. This command disables core dumps for SUID programs when they crash. It does so immediately with no reboot required by changing the configuration of the running kernel — a feat not possible with operating systems that aren’t Unix or Linux.
# echo 0 > /proc/sys/fs/suid_dumpable
That change isn’t persistent after a reboot. It can be made persistent by adding the following lines to the /etc/sysctl.d/local-sysctl.conf file. Create the file if it doesn’t exist. I use a comment to indicate to myself, or other SysAdmins, why the line is there, and that it can be removed when the listed CVEs are resolved.
# Turn off SUID core dumps to mitigate CVE-2025-5054 and CVE-2025-4598
fs.suid_dumpable = 0
My entire local-sysctl.conf file looks like this. You can see the other kernel configuration overrides I do on all my systems.
################################################################################
# local-sysctl.conf #
# #
# Local kernel option settings. #
# Install this file in the /etc/sysctl.d directory. #
# #
# Use the command: sysctl -p /etc/sysctl.d/local-sysctl.conf to activate. #
# #
################################################################################
################################################################################
# Local Network settings - Specifically to disable IPV6 #
################################################################################
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
# Turn off SUID core dumps to mitigate CVE-2025-5054 and CVE-2025-4598
fs.suid_dumpable = 0
################################################################################
# Virtual Memory #
################################################################################
# Set swappiness from 0 to 100
vm.swappiness = 1
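The following check is an added example, not part of the original article: a POSIX shell audit that confirms the mitigation is active in the running kernel and will still be set after a reboot. The function names and the PROC_SYS and SYSCTL_DIR override variables are assumptions made for this example, and it reads only /etc/sysctl.d, so settings in other sysctl directories are not considered.

```shell
#!/bin/sh
# Added example (not from the original article): audit the SUID core dump
# mitigation. PROC_SYS and SYSCTL_DIR are hypothetical override variables so
# the checks can also be pointed at a test tree.
PROC_SYS="${PROC_SYS:-/proc/sys}"
SYSCTL_DIR="${SYSCTL_DIR:-/etc/sysctl.d}"

# Value the running kernel is using right now, or "unknown" if unreadable.
runtime_value() {
    cat "$PROC_SYS/fs/suid_dumpable" 2>/dev/null || echo unknown
}

# Last value assigned to fs.suid_dumpable in $SYSCTL_DIR/*.conf, or "unset".
# Files are read in lexical order, so a later file overrides an earlier one.
# sysctl names mirror the path below /proc/sys, so only the exact key
# fs.suid_dumpable (or fs/suid_dumpable) counts; comment lines never match.
persistent_value() {
    pv_result=unset
    for pv_file in "$SYSCTL_DIR"/*.conf; do
        [ -r "$pv_file" ] || continue
        pv_val=$(sed -n \
            's/^[[:space:]]*fs[./]suid_dumpable[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' \
            "$pv_file" | tail -n 1)
        if [ -n "$pv_val" ]; then pv_result=$pv_val; fi
    done
    echo "$pv_result"
}

# Report both values; succeed only when SUID core dumps are off now (runtime)
# and will stay off after a reboot (persistent).
audit_suid_dumpable() {
    as_rt=$(runtime_value)
    as_ps=$(persistent_value)
    echo "runtime=$as_rt persistent=$as_ps"
    [ "$as_rt" = 0 ] && [ "$as_ps" = 0 ]
}

# Run the audit only when invoked as: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    audit_suid_dumpable
fi
```

A result of "persistent=unset" alongside "runtime=0" means the echo command was run but the setting will be lost at the next reboot.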
The /proc filesystem
The /proc filesystem is defined by the FHS, which I explore in Chapter 19 of my book, “Using and Administering Linux: Volume 2 – Zero to SysAdmin: Advanced Topics,” as the location for Linux to store information about the system, the kernel, and all processes running on the host. It is intended to be a place for the kernel to expose information about itself in order to facilitate access to data about the system. It is also designed to provide access to view kernel configuration parameters and to modify many of them when necessary in order to allow the SysAdmin to tune the running system without needing to perform reboots after making changes.
When used as a window into the state of the operating system and its view of the system and hardware, it provides easy access to virtually every bit of information you might want as a SysAdmin.
The capability to make changes to the running kernel on the fly and without a reboot is a powerful tool. It allows you to make instant changes to the Linux kernel to resolve a problem, enable a function, or tune performance, as we’ve seen here.
Both.org has two articles about the /proc filesystem that you might find useful.
- Unlocking the secrets of the /proc filesystem
- How to tune the Linux kernel with the /proc filesystem
[1] SUID stands for “Set User ID.” It’s a way to allow non-root users to run programs with some root privileges.