They’re fascinating:

Listed as CVE-2025-5054 and CVE-2025-4598, these flaws are race condition errors that could allow a local intruder to gain access to protected data. Utilities such as Apport and systemd-coredump are built to manage crash reporting and core dumps within Linux environments.

[…]

“This implies that if a local attacker succeeds in triggering a crash in a privileged process and swiftly substitutes it with another that shares the same process ID within a mount and pid namespace, apport will try to redirect the core dump (which may contain confidential data from the original, privileged process) into the namespace.”

Moderate risk level, but certainly merits attention.

Slashdot discussion.