Описание
A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later.
Отчет
This flaw is rated as important because this flaw can easily compromise the confidentiality, integrity, or availability of resources but that allows local or authenticated users to gain additional privileges, allow unauthenticated remote users to view resources that should otherwise be protected by authentication or other controls, allow authenticated remote users to execute arbitrary code, or allow remote users to cause a denial of service. But this flaw does not easily exploit by a remote unauthenticated attacker.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 9 | systemd | Not affected | ||
| Red Hat Enterprise Linux 7 | systemd | Fixed | RHSA-2022:6160 | 24.08.2022 |
| Red Hat Enterprise Linux 8 | systemd | Fixed | RHSA-2022:6206 | 29.08.2022 |
| Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | systemd | Fixed | RHSA-2022:6163 | 24.08.2022 |
| Red Hat Enterprise Linux 8.2 Extended Update Support | systemd | Fixed | RHSA-2022:6162 | 24.08.2022 |
| Red Hat Enterprise Linux 8.4 Extended Update Support | systemd | Fixed | RHSA-2022:6161 | 24.08.2022 |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 | redhat-virtualization-host | Fixed | RHSA-2022:6551 | 19.09.2022 |
Показывать по
Дополнительная информация
Статус:
EPSS
9.8 Critical
CVSS3
Связанные уязвимости
A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later.
A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later.
A use-after-free vulnerability was found in systemd. This issue occurs ...
EPSS
9.8 Critical
CVSS3