1 rule found for "Milad Cheraghi"
Detects attempts of an attacker to enable core dumps for set-user-ID (SUID) processes by modifying the system file /proc/sys/fs/suid_dumpable, typically by setting its value to 1 or 2. Enabling this feature allows memory dumps (core dumps) of SUID processes, which usually run with elevated privileges. These dumps may contain sensitive information such as passwords, cryptographic keys or other secrets. CVE-2025-5054: Information leak via core dumps from SUID binaries using apport. CVE-2025-4598: Information disclosure in systemd-coredump due to insecure handling of SUID process memory dumps.