Unrated severityNVD Advisory· Published Nov 23, 2022· Updated Apr 25, 2025
CVE-2022-45873
CVE-2022-45873
Description
systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file.
Affected products
11- systemd/systemddescription
- osv-coords10 versionspkg:rpm/almalinux/systemdpkg:rpm/almalinux/systemd-containerpkg:rpm/almalinux/systemd-develpkg:rpm/almalinux/systemd-journal-remotepkg:rpm/almalinux/systemd-libspkg:rpm/almalinux/systemd-oomdpkg:rpm/almalinux/systemd-pampkg:rpm/almalinux/systemd-resolvedpkg:rpm/almalinux/systemd-rpm-macrospkg:rpm/almalinux/systemd-udev
< 250-12.el9_1.3+ 9 more
- (no CPE)range: < 250-12.el9_1.3
- (no CPE)range: < 250-12.el9_1.3
- (no CPE)range: < 250-12.el9_1.3
- (no CPE)range: < 250-12.el9_1.3
- (no CPE)range: < 250-12.el9_1.3
- (no CPE)range: < 250-12.el9_1.3
- (no CPE)range: < 250-12.el9_1.3
- (no CPE)range: < 250-12.el9_1.3
- (no CPE)range: < 250-12.el9_1.3
- (no CPE)range: < 250-12.el9_1.3
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MS5N5SLYAHKENLAJWYBDKU55ICU3SVZF/mitrevendor-advisory
- github.com/systemd/systemd/commit/076b807be472630692c5348c60d0c2b7b28ad437mitre
- github.com/systemd/systemd/pull/24853mitre
- github.com/systemd/systemd/pull/25055mitre
News mentions
0No linked articles in our index yet.