New Linux Flaws Expose Password Hash Theft Risks via Core Dumps in Ubuntu, RHEL, and Fedora

Cybersecurity experts have uncovered critical vulnerabilities in popular Linux distributions Ubuntu, Red Hat Enterprise Linux (RHEL), and Fedora that allow attackers to steal password hashes through improperly handled core dump files. This exposure could lead to privilege escalation and wider network compromise.

Core dumps are snapshots of a running program’s memory taken during crashes for debugging. However, due to insufficient restrictions on core dump files, sensitive information including password hashes from memory can be extracted by unauthorized users with local access. Attackers exploiting this flaw can potentially escalate privileges and move laterally within enterprise environments.

Affected Linux versions span multiple recent releases, raising concerns for organizations running critical workloads on these platforms. While patches have been released by Canonical and Red Hat, many environments remain unpatched or unaware of the risk.

Security teams should urgently verify their patch management processes and audit core dump configurations. Disabling core dumps for processes handling sensitive authentication data or enforcing stricter system controls can help mitigate exploitation.

This vulnerability underscores a broader challenge in Linux security balancing debugging convenience against information leakage risks. Organizations relying on Linux infrastructure for mission-critical applications must integrate core dump security into their broader vulnerability management and incident response plans.

By understanding and addressing these flaws, cybersecurity leaders can better protect enterprise Linux systems from sophisticated local attacks aimed at stealing credentials and undermining trust boundaries.