Skip to main content

Systemd

41 CVEs product

Monthly

CVE-2026-40228 LOW Monitor

systemd-journald in systemd 259 allows local attackers to send ANSI escape sequences to terminals of arbitrary users via the logger utility when ForwardToWall=yes is enabled, enabling terminal manipulation and information disclosure attacks with low CVSS impact but realistic local access requirements.

Information Disclosure Systemd
NVD VulDB
CVSS 3.1
2.9
EPSS
0.0%
CVE-2026-40225 MEDIUM PATCH This Month

Local root code execution in systemd's udev subsystem before version 260 allows attackers with physical access to craft malicious hardware devices that exploit unsanitized kernel output, achieving privilege escalation from local user context to root. The attack requires physical device insertion but no user interaction; CVSS 6.4 reflects the physical attack vector constraint, though successful exploitation grants complete system compromise. No public exploit code or active exploitation has been confirmed at time of analysis.

Information Disclosure Systemd
NVD GitHub VulDB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-40224 MEDIUM PATCH This Month

Local privilege escalation in systemd 259 before 260 allows authenticated local users to gain root-level access via varlink communication to systemd-machined, exploiting improper namespace isolation. The vulnerability requires low privileges, high attack complexity, and user interaction, affecting the systemd init system across Linux distributions. No public exploit code or active exploitation has been confirmed at time of analysis.

Privilege Escalation Authentication Bypass Systemd
NVD GitHub
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-40223 MEDIUM PATCH This Month

Local denial of service in systemd 258 through 259 allows unprivileged users to trigger an assertion failure by interacting with service units configured with Delegate=yes and no explicit User setting, causing the systemd daemon to crash. The vulnerability requires local access and specific unit configuration but poses moderate risk to system availability with a CVSS score of 4.7 and no active exploitation currently identified.

Information Disclosure Systemd
NVD GitHub VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-4598 MEDIUM POC PATCH This Month

A vulnerability was found in systemd-coredump. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Information Disclosure Linux Systemd Openshift Container Platform Enterprise Linux +1
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-7008 MEDIUM This Month

A vulnerability was found in systemd-resolved. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Systemd
NVD GitHub
CVSS 3.1
5.9
EPSS
0.8%
CVE-2023-31439 MEDIUM PATCH This Month

An issue was discovered in systemd 253. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Systemd
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-31438 MEDIUM This Month

An issue was discovered in systemd 253. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Systemd
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-31437 MEDIUM This Month

An issue was discovered in systemd 253. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Systemd
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-26604 HIGH POC This Week

systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Debian Linux Systemd
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-45873 MEDIUM PATCH This Month

systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Systemd Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-3821 MEDIUM POC PATCH This Month

An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Systemd Enterprise Linux Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-2526 CRITICAL PATCH Act Now

A use-after-free vulnerability was found in systemd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Information Disclosure Use After Free Systemd Active Iq Unified Manager +4
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-33910 MEDIUM POC PATCH This Month

basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Systemd Fedora Debian Linux Hci Management Node +1
NVD GitHub
CVSS 3.1
5.5
EPSS
8.6%
CVE-2020-13776 MEDIUM PATCH This Month

systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user. Rated medium severity (CVSS 6.7). This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Systemd Active Iq Unified Manager Solidfire Hci Management Node Fedora
NVD GitHub
CVSS 3.1
6.7
EPSS
0.5%
CVE-2020-1712 HIGH PATCH This Week

A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Memory Corruption Systemd Ceph Storage +5
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-15718 MEDIUM POC PATCH This Month

In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Systemd Fedora Openshift Container Platform Enterprise Linux +10
NVD
CVSS 3.1
4.4
EPSS
0.5%
CVE-2019-3844 HIGH POC PATCH This Week

It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Systemd Ubuntu Linux Hci Management Node Snapprotect +2
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.9%
CVE-2019-3843 HIGH POC PATCH This Week

It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Systemd Fedora Ubuntu Linux Hci Management Node +3
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.9%
CVE-2019-3842 HIGH POC This Week

In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Authentication Bypass Systemd Enterprise Linux Fedora Debian Linux
NVD Exploit-DB
CVSS 3.1
7.0
EPSS
1.2%
CVE-2019-6454 MEDIUM POC PATCH This Month

An issue was discovered in sd-bus in systemd 239. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Memory Corruption Systemd Leap +20
NVD GitHub
CVSS 3.1
5.5
EPSS
2.0%
CVE-2018-15688 HIGH PATCH This Week

A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Systemd Debian Linux Ubuntu Linux Enterprise Linux Desktop +5
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2018-15687 HIGH POC PATCH This Week

A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Rated high severity (CVSS 7.0). Public exploit code available.

Race Condition Information Disclosure Ubuntu Linux Systemd
NVD GitHub Exploit-DB
CVSS 3.1
7.0
EPSS
1.1%
CVE-2018-15686 HIGH POC PATCH This Week

A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Deserialization Ubuntu Linux Debian Linux Systemd +1
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
2.3%
CVE-2018-1049 MEDIUM PATCH This Month

In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Denial Of Service Systemd Enterprise Linux Enterprise Linux Aus +8
NVD
CVSS 3.1
5.9
EPSS
7.3%
CVE-2018-6954 HIGH POC This Week

systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Systemd Ubuntu Linux Leap
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2017-15908 HIGH PATCH This Week

In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Systemd Ubuntu Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2015-7510 CRITICAL POC PATCH Act Now

Stack-based buffer overflow in the getpwnam and getgrnam functions of the NSS module nss-mymachines in systemd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Systemd
NVD GitHub
CVSS 3.0
9.8
EPSS
0.6%
CVE-2017-1000082 CRITICAL PATCH Act Now

systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Systemd
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2017-9445 HIGH PATCH This Week

In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Systemd
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2017-9217 HIGH PATCH This Week

systemd-resolved through 233 allows remote attackers to cause a denial of service (daemon crash) via a crafted DNS response with an empty question section. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Systemd
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2016-10156 HIGH POC PATCH This Week

A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Systemd
NVD GitHub Exploit-DB VulDB
CVSS 3.0
7.8
EPSS
0.7%
CVE-2016-7796 MEDIUM POC This Month

The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Systemd Suse Linux Enterprise Software Development Kit Suse Linux Enterprise Desktop Suse Linux Enterprise Server +5
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2016-7795 MEDIUM POC This Month

The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 hang) via a zero-length message received over a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ubuntu Linux Systemd
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2012-0871 MEDIUM This Month

The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on. Rated medium severity (CVSS 6.3). No vendor patch available.

Information Disclosure Systemd Opensuse
NVD VulDB
CVSS 2.0
6.3
EPSS
0.1%
CVE-2013-4394 MEDIUM PATCH This Month

The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the. Rated medium severity (CVSS 5.9). This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Systemd Debian Linux
NVD
CVSS 2.0
5.9
EPSS
0.1%
CVE-2013-4393 LOW PATCH Monitor

journald in systemd, when the origin of native messages is set to file, allows local users to cause a denial of service (logging service blocking) via a crafted file descriptor. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Denial Of Service Systemd
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-4392 MEDIUM This Month

systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Systemd
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2013-4391 HIGH POC PATCH This Week

Integer overflow in the valid_user_field function in journal/journald-native.c in systemd allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow RCE Denial Of Service Integer Overflow Systemd +1
NVD
CVSS 2.0
7.5
EPSS
3.7%
CVE-2013-4327 MEDIUM PATCH This Month

systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race. Rated medium severity (CVSS 6.9).

Race Condition Authentication Bypass Systemd Debian Linux Ubuntu Linux
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2012-1174 LOW POC Monitor

The rm_rf_children function in util.c in the systemd-logind login manager in systemd before 44, when logging out, allows local users to delete arbitrary files via a symlink attack on unspecified. Rated low severity (CVSS 3.3). Public exploit code available and no vendor patch available.

Information Disclosure Race Condition Systemd
NVD
CVSS 2.0
3.3
EPSS
0.1%
EPSS 0% CVSS 2.9
LOW Monitor

systemd-journald in systemd 259 allows local attackers to send ANSI escape sequences to terminals of arbitrary users via the logger utility when ForwardToWall=yes is enabled, enabling terminal manipulation and information disclosure attacks with low CVSS impact but realistic local access requirements.

Information Disclosure Systemd
NVD VulDB
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

Local root code execution in systemd's udev subsystem before version 260 allows attackers with physical access to craft malicious hardware devices that exploit unsanitized kernel output, achieving privilege escalation from local user context to root. The attack requires physical device insertion but no user interaction; CVSS 6.4 reflects the physical attack vector constraint, though successful exploitation grants complete system compromise. No public exploit code or active exploitation has been confirmed at time of analysis.

Information Disclosure Systemd
NVD GitHub VulDB
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Local privilege escalation in systemd 259 before 260 allows authenticated local users to gain root-level access via varlink communication to systemd-machined, exploiting improper namespace isolation. The vulnerability requires low privileges, high attack complexity, and user interaction, affecting the systemd init system across Linux distributions. No public exploit code or active exploitation has been confirmed at time of analysis.

Privilege Escalation Authentication Bypass Systemd
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Local denial of service in systemd 258 through 259 allows unprivileged users to trigger an assertion failure by interacting with service units configured with Delegate=yes and no explicit User setting, causing the systemd daemon to crash. The vulnerability requires local access and specific unit configuration but poses moderate risk to system availability with a CVSS score of 4.7 and no active exploitation currently identified.

Information Disclosure Systemd
NVD GitHub VulDB
EPSS 0% CVSS 4.7
MEDIUM POC PATCH This Month

A vulnerability was found in systemd-coredump. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Information Disclosure Linux Systemd +3
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

A vulnerability was found in systemd-resolved. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Systemd
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

An issue was discovered in systemd 253. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Systemd
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

An issue was discovered in systemd 253. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Systemd
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

An issue was discovered in systemd 253. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Systemd
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Debian Linux Systemd
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Systemd Fedora
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Systemd Enterprise Linux +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

A use-after-free vulnerability was found in systemd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Information Disclosure Use After Free +6
NVD GitHub
EPSS 9% CVSS 5.5
MEDIUM POC PATCH This Month

basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Systemd Fedora +3
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user. Rated medium severity (CVSS 6.7). This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Systemd Active Iq Unified Manager +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Memory Corruption +7
NVD GitHub
EPSS 1% CVSS 4.4
MEDIUM POC PATCH This Month

In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Systemd Fedora +12
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Systemd Ubuntu Linux +4
NVD Exploit-DB
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Systemd Fedora +5
NVD Exploit-DB
EPSS 1% CVSS 7.0
HIGH POC This Week

In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Authentication Bypass Systemd Enterprise Linux +2
NVD Exploit-DB
EPSS 2% CVSS 5.5
MEDIUM POC PATCH This Month

An issue was discovered in sd-bus in systemd 239. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Memory Corruption +22
NVD GitHub
EPSS 2% CVSS 8.8
HIGH PATCH This Week

A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Systemd Debian Linux +7
NVD GitHub
EPSS 1% CVSS 7.0
HIGH POC PATCH This Week

A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Rated high severity (CVSS 7.0). Public exploit code available.

Race Condition Information Disclosure Ubuntu Linux +1
NVD GitHub Exploit-DB
EPSS 2% CVSS 7.8
HIGH POC PATCH This Week

A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Deserialization Ubuntu Linux +3
NVD GitHub Exploit-DB
EPSS 7% CVSS 5.9
MEDIUM PATCH This Month

In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Denial Of Service Systemd +10
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Systemd Ubuntu Linux +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Systemd Ubuntu Linux
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

Stack-based buffer overflow in the getpwnam and getgrnam functions of the NSS module nss-mymachines in systemd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Systemd
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Systemd
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Systemd
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

systemd-resolved through 233 allows remote attackers to cause a denial of service (daemon crash) via a crafted DNS response with an empty question section. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Systemd
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Systemd
NVD GitHub Exploit-DB VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Systemd Suse Linux Enterprise Software Development Kit +7
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 hang) via a zero-length message received over a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ubuntu Linux Systemd
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM This Month

The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on. Rated medium severity (CVSS 6.3). No vendor patch available.

Information Disclosure Systemd Opensuse
NVD VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the. Rated medium severity (CVSS 5.9). This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Systemd Debian Linux
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

journald in systemd, when the origin of native messages is set to file, allows local users to cause a denial of service (logging service blocking) via a crafted file descriptor. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Denial Of Service Systemd
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Systemd
NVD
EPSS 4% CVSS 7.5
HIGH POC PATCH This Week

Integer overflow in the valid_user_field function in journal/journald-native.c in systemd allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow RCE Denial Of Service +3
NVD
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race. Rated medium severity (CVSS 6.9).

Race Condition Authentication Bypass Systemd +2
NVD
EPSS 0% CVSS 3.3
LOW POC Monitor

The rm_rf_children function in util.c in the systemd-logind login manager in systemd before 44, when logging out, allows local users to delete arbitrary files via a symlink attack on unspecified. Rated low severity (CVSS 3.3). Public exploit code available and no vendor patch available.

Information Disclosure Race Condition Systemd
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy