Skip to main content

Systemd CVE-2022-45873

MEDIUM
Uncontrolled Resource Consumption (CWE-400)
2022-11-23 cve@mitre.org
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 23, 2022 - 23:15 nvd
MEDIUM 5.5

DescriptionNVD

systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file.

AnalysisAI

systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Technical ContextAI

This vulnerability is classified as Uncontrolled Resource Consumption (CWE-400), which allows attackers to cause denial of service by exhausting system resources. systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file. Affected products include: Systemd Project Systemd, Fedoraproject Fedora.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Implement rate limiting, set resource quotas, validate input sizes, use timeouts.

CVE-2015-7510 CRITICAL POC
9.8 Sep 25

Stack-based buffer overflow in the getpwnam and getgrnam functions of the NSS module nss-mymachines in systemd. Rated cr

CVE-2013-4391 HIGH POC
7.5 Oct 28

Integer overflow in the valid_user_field function in journal/journald-native.c in systemd allows remote attackers to cau

CVE-2016-10156 HIGH POC
7.8 Jan 23

A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd tim

CVE-2023-26604 HIGH POC
7.8 Mar 03

systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible su

CVE-2019-3844 HIGH POC
7.8 Apr 26

It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of

CVE-2019-3843 HIGH POC
7.8 Apr 26

It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allo

CVE-2018-15686 HIGH POC
7.8 Oct 26

A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution

CVE-2018-6954 HIGH POC
7.8 Feb 13

systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local

CVE-2019-3842 HIGH POC
7.0 Apr 09

In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using t

CVE-2018-15687 HIGH POC
7.0 Oct 26

A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary

CVE-2017-1000082 CRITICAL
9.8 Jul 07

systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. Rated critical severity (CV

CVE-2022-2526 CRITICAL
9.8 Sep 09

A use-after-free vulnerability was found in systemd. Rated critical severity (CVSS 9.8), this vulnerability is remotely

Share

CVE-2022-45873 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy