Re: Local information disclosure in apport and systemd-coredump

[Jelle van der Waa <jelle () vdwaa nl>]

On 29/05/2025 19:17, Qualys Security Advisory wrote:
> Qualys Security Advisory
>
> Local information disclosure in apport and systemd-coredump
> (CVE-2025-5054 and CVE-2025-4598)
<snip>
> The fix for these vulnerabilities is twofold:
>
> - always take account of the kernel's per-process "dumpable" flag (the
>    %d specifier), in every code path, to decide whether a non-root user
>    should be given read access to a core dump or not;
>
> - use the new %F specifier in /proc/sys/kernel/core_pattern (a pidfd to
>    the crashed process), which was implemented during this coordinated
>    vulnerability disclosure, to detect whether the crashed process was
>    replaced or not with another process, before its analysis; for more
>    information:
>
>    https://lore.kernel.org/all/20250414-work-coredump-v2-0-685bf231f828 () kernel org/
Christian Brauner has backported fixes for this issue to all stable 
kernel series. Quoting his mastodon post:

> I have done custom backports of the patches to install a pidfd into 
the legacy usermodehelper coredump handler for v6.12, v6.6, v6.1, v5.14, 
v5.10, and v5.4.

LKML post:

https://lore.kernel.org/linux-fsdevel/20250602-eilte-experiment-4334f67dc5d8@brauner/T/#m03e7e205c913101dc452c391bf283661049ca494