Описание
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.
Ссылки
- Issue TrackingPatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListPatchThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListPatchThird Party Advisory
Уязвимые конфигурации
Одно из
EPSS
7.8 High
CVSS3
4.6 Medium
CVSS2
Дефекты
Связанные уязвимости
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.
A heap use-after-free vulnerability was found in systemd before version v245-rc1 where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges by sending specially crafted dbus messages.
A heap use-after-free vulnerability was found in systemd before versio ...
EPSS
7.8 High
CVSS3
4.6 Medium
CVSS2