Описание
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 237-3ubuntu10.38 |
| devel | released | 244.1-0ubuntu3 |
| eoan | released | 242-7ubuntu3.6 |
| esm-infra-legacy/trusty | needed | |
| esm-infra/bionic | released | 237-3ubuntu10.38 |
| esm-infra/focal | released | 244.1-0ubuntu3 |
| esm-infra/xenial | released | 229-4ubuntu21.27 |
| focal | released | 244.1-0ubuntu3 |
| groovy | released | 244.1-0ubuntu3 |
| hirsute | released | 244.1-0ubuntu3 |
Показывать по
EPSS
4.6 Medium
CVSS2
7.8 High
CVSS3
Связанные уязвимости
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.
A heap use-after-free vulnerability was found in systemd before version v245-rc1 where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges by sending specially crafted dbus messages.
A heap use-after-free vulnerability was found in systemd before versio ...
EPSS
4.6 Medium
CVSS2
7.8 High
CVSS3