High severity7.8NVD Advisory· Published Oct 26, 2018· Updated Jun 17, 2026
CVE-2018-15686
CVE-2018-15686
Description
A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
26<=239+ 1 more
- (no CPE)range: <=239
- (no CPE)range: unspecified
- osv-coords24 versionspkg:apk/chainguard/py3.10-systemdpkg:apk/chainguard/py3.11-systemdpkg:apk/chainguard/py3.12-systemdpkg:apk/chainguard/py3.13-systemdpkg:apk/chainguard/py3-supported-systemdpkg:apk/chainguard/py3-systemdpkg:rpm/opensuse/systemd&distro=openSUSE%20Tumbleweedpkg:rpm/suse/systemd&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/systemd&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/systemd&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/systemd&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/systemd&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/systemd&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/systemd&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/systemd&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/systemd&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/systemd&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSSpkg:rpm/suse/systemd&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/systemd&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/systemd&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/systemd&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/systemd&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/systemd&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4pkg:rpm/suse/systemd&distro=SUSE%20OpenStack%20Cloud%207
< 0+ 23 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 249.4-2.2
- (no CPE)range: < 228-150.53.3
- (no CPE)range: < 228-150.53.3
- (no CPE)range: < 228-150.53.3
- (no CPE)range: < 234-24.15.1
- (no CPE)range: < 210-116.19.1
- (no CPE)range: < 228-150.53.3
- (no CPE)range: < 228-150.53.3
- (no CPE)range: < 228-150.53.3
- (no CPE)range: < 228-150.53.3
- (no CPE)range: < 210-70.74.1
- (no CPE)range: < 210-116.19.1
- (no CPE)range: < 228-150.53.3
- (no CPE)range: < 228-150.53.3
- (no CPE)range: < 228-150.53.3
- (no CPE)range: < 228-150.53.3
- (no CPE)range: < 228-150.53.3
- (no CPE)range: < 228-150.53.3
Patches
Vulnerability mechanics
References
11- github.com/systemd/systemd/pull/10519nvdPatchThird Party Advisory
- www.exploit-db.com/exploits/45714/nvdExploitThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/105747nvdThird Party AdvisoryVDB Entry
- access.redhat.com/errata/RHSA-2019:2091nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2019:3222nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2020:0593nvdThird Party Advisory
- lists.debian.org/debian-lts-announce/2018/11/msg00017.htmlnvdMailing ListThird Party Advisory
- security.gentoo.org/glsa/201810-10nvdThird Party Advisory
- usn.ubuntu.com/3816-1/nvdThird Party Advisory
- www.oracle.com//security-alerts/cpujul2021.htmlnvdThird Party Advisory
- lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3Envd
News mentions
0No linked articles in our index yet.