From 94e7d50106b7435e409b4ef8ed4cbebb75ac3a58 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 30 May 2025 14:00:34 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2025/4xxx/CVE-2025-4598.json | 172 ++++++++++++++++++++++++++++++++++- 1 file changed, 168 insertions(+), 4 deletions(-) diff --git a/2025/4xxx/CVE-2025-4598.json b/2025/4xxx/CVE-2025-4598.json index a0c4923d88d..b33f6f41d7a 100644 --- a/2025/4xxx/CVE-2025-4598.json +++ b/2025/4xxx/CVE-2025-4598.json @@ -1,17 +1,181 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-4598", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Signal Handler Race Condition", + "cweId": "CWE-364" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 10", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat OpenShift Container Platform 4", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2025-4598", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2025-4598" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2369242" + }, + { + "url": "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2025/05/29/3" + } + ] + }, + "work_around": [ + { + "lang": "en", + "value": "This issue can be mitigated by disabling the capability of the system to generate a coredump for SUID binaries. The perform that, the following command can be ran as `root` user:\n\n~~~\necho 0 > /proc/sys/fs/suid_dumpable\n~~~\n\nWhile this mitigates this vulnerability while it's not possible to update the systemd package, it disables the capability of analyzing crashes for such binaries." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] }