Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Systemd Project Subscribe
Total 43 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-26604 1 Systemd Project 1 Systemd 2023-03-10 N/A 7.8 HIGH
systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output.
CVE-2022-45873 2 Fedoraproject, Systemd Project 2 Fedora, Systemd 2023-03-01 N/A 5.5 MEDIUM
systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file.
CVE-2018-16866 5 Canonical, Debian, Netapp and 2 more 21 Ubuntu Linux, Debian Linux, Active Iq Performance Analytics Services and 18 more 2023-02-12 2.1 LOW 3.3 LOW
An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.
CVE-2018-16865 5 Canonical, Debian, Oracle and 2 more 11 Ubuntu Linux, Debian Linux, Communications Session Border Controller and 8 more 2023-02-12 4.6 MEDIUM 7.8 HIGH
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable.
CVE-2018-16864 5 Canonical, Debian, Oracle and 2 more 11 Ubuntu Linux, Debian Linux, Communications Session Border Controller and 8 more 2023-02-12 4.6 MEDIUM 7.8 HIGH
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable.
CVE-2022-4415 1 Systemd Project 1 Systemd 2023-02-02 N/A 5.5 MEDIUM
A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.
CVE-2022-2526 2 Netapp, Systemd Project 10 Active Iq Unified Manager, H300s, H300s Firmware and 7 more 2023-01-19 N/A 9.8 CRITICAL
A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later.
CVE-2022-3821 3 Fedoraproject, Redhat, Systemd Project 3 Fedora, Enterprise Linux, Systemd 2022-12-02 N/A 5.5 MEDIUM
An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.
CVE-2020-1712 3 Debian, Redhat, Systemd Project 7 Debian Linux, Ceph Storage, Discovery and 4 more 2022-11-29 4.6 MEDIUM 7.8 HIGH
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.
CVE-2021-3997 3 Fedoraproject, Redhat, Systemd Project 3 Fedora, Enterprise Linux, Systemd 2022-10-18 N/A 5.5 MEDIUM
A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.
CVE-2020-13529 3 Fedoraproject, Netapp, Systemd Project 4 Fedora, Active Iq Unified Manager, Cloud Backup and 1 more 2022-10-06 2.9 LOW 6.1 MEDIUM
An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server.
CVE-2018-21029 2 Fedoraproject, Systemd Project 2 Fedora, Systemd 2022-07-08 7.5 HIGH 9.8 CRITICAL
** DISPUTED ** systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent, and there is no hostname validation with the GnuTLS backend. NOTE: This has been disputed by the developer as not a vulnerability since hostname validation does not have anything to do with this issue (i.e. there is no hostname to be sent).
CVE-2021-33910 4 Debian, Fedoraproject, Netapp and 1 more 5 Debian Linux, Fedora, Hci Management Node and 2 more 2022-06-14 4.9 MEDIUM 5.5 MEDIUM
basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.
CVE-2019-15718 3 Fedoraproject, Redhat, Systemd Project 14 Fedora, Enterprise Linux, Enterprise Linux Eus and 11 more 2022-02-19 3.6 LOW 4.4 MEDIUM
In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.
CVE-2018-20839 2 Netapp, Systemd Project 5 Cn1610, Cn1610 Firmware, Snapprotect and 2 more 2022-02-19 4.3 MEDIUM 9.8 CRITICAL
systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.
CVE-2019-6454 8 Canonical, Debian, Fedoraproject and 5 more 22 Ubuntu Linux, Debian Linux, Fedora and 19 more 2022-02-19 4.9 MEDIUM 5.5 MEDIUM
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).
CVE-2017-15908 2 Canonical, Systemd Project 2 Ubuntu Linux, Systemd 2022-02-19 5.0 MEDIUM 7.5 HIGH
In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-resolved' service and cause a DoS of the affected service.
CVE-2019-3843 4 Canonical, Fedoraproject, Netapp and 1 more 8 Ubuntu Linux, Fedora, Cn1610 and 5 more 2022-01-31 4.6 MEDIUM 7.8 HIGH
It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.
CVE-2019-3844 3 Canonical, Netapp, Systemd Project 7 Ubuntu Linux, Cn1610, Cn1610 Firmware and 4 more 2022-01-31 4.6 MEDIUM 7.8 HIGH
It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.
CVE-2019-3842 4 Debian, Fedoraproject, Redhat and 1 more 4 Debian Linux, Fedora, Enterprise Linux and 1 more 2022-01-31 4.4 MEDIUM 7.0 HIGH
In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the "allow_active" element rather than "allow_any".