Systemd-coredump: race condition that allows a local attacker to crash a suid program and gain read access to the resulting core dump
Summary
A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality. Affected products named by the advisory: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 9; Red Hat Ceph Storage 7; Red Hat Ceph Storage 8; and 5 more. Affected products named by the advisory: Red Hat Discovery 2; Red Hat Insights proxy 1.5; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; and 1 more.
- 253.0
- 254.0
- 255.0
- 256.0
- 257.0
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
- 252.37
- 253.32
- 254.25
- 255.19
- 256.14
- 257.6
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
Mitigation
Mitigation steps weren't captured by the parser for this advisory — this is a parsing gap, not a statement that no fix exists. Read the vendor advisory below for the authoritative guidance.
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.