Описание
A flaw was found in systemd. A local unprivileged user can exploit this vulnerability by making an Inter-Process Communication (IPC) API call with a specially crafted array or map containing a null element. This can trigger an assert, leading to a Denial of Service (DoS) condition, which makes the system unavailable.
Отчет
A flaw in systemd allows a local unprivileged user to cause a Denial of Service by making a crafted Inter-Process Communication (IPC) API call. The issue is restricted to systemd v260 only, the systemd versions as shipped as with Red Hat products are not affected by this vulnerability as it doesn't ship the commit which introduced the vulnerability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | NetworkManager | Not affected | ||
| Red Hat Enterprise Linux 10 | rpm-ostree | Not affected | ||
| Red Hat Enterprise Linux 10 | systemd | Not affected | ||
| Red Hat Enterprise Linux 7 | systemd | Not affected | ||
| Red Hat Enterprise Linux 8 | NetworkManager | Not affected | ||
| Red Hat Enterprise Linux 8 | systemd | Not affected | ||
| Red Hat Enterprise Linux 9 | NetworkManager | Not affected | ||
| Red Hat Enterprise Linux 9 | systemd | Not affected | ||
| Red Hat Hardened Images | systemd | Affected | ||
| Red Hat OpenShift Container Platform 4 | NetworkManager | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
6.2 Medium
CVSS3
Связанные уязвимости
In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element.
In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element.
In systemd 260 before 261, a local unprivileged user can trigger an as ...
In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element.
EPSS
6.2 Medium
CVSS3