Releases2
Frequency4 months 3 days
Last Release
system and service manager

CVE History

CVEAffectedPublishedCVSS v3CVSS v2
>= 259, < 259.36.7 MEDIUM

In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace.

< 257.13, >= 258, < 258.7, >= 259, < 259.56.4 MEDIUM

In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.

>= 233, < 257.12, >= 258, < 258.6, >= 259, < 259.46.4 MEDIUM

In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.

= 2606.2 MEDIUM

In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element.

= 2592.9 LOW

In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is executed, if ForwardToWall=yes is set.

>= 258, < 2604.7 MEDIUM

In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User=<unset> unit exists and is running.

>= 239, < 257.11, >= 258, < 258.5, >= 259, < 259.25.5 MEDIUM

systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this is not possible as the safety check causes an assert instead. This IPC call was added in v239, so versions older than that are not affected. Versions 260-rc1, 259.2, 258.5, and 257.11 contain patches. No known workarounds are available.