Sign in Get started

← All advisories

Medium severity5.5NVD Advisory· Published Mar 23, 2026· Updated Apr 15, 2026

CVE-2026-29111

CVE-2026-29111

Description

systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this is not possible as the safety check causes an assert instead. This IPC call was added in v239, so versions older than that are not affected. Versions 260-rc1, 259.2, 258.5, and 257.11 contain patches. No known workarounds are available.

Affected products

1

Systemd Project/Systemd
cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*
Range: >=239,<257.11

Patches

10

1d22f706bd04

https://github.com/systemd/systemdvia nvd-ref

20021e768642

https://github.com/systemd/systemdvia nvd-ref

21167006574d

https://github.com/systemd/systemdvia nvd-ref

3cee294fe8cf

https://github.com/systemd/systemdvia nvd-ref

42aee39107fb

https://github.com/systemd/systemdvia nvd-ref

54588d2dedff

https://github.com/systemd/systemdvia nvd-ref

7ac322021369

https://github.com/systemd/systemdvia nvd-ref

80acea4ef80a

https://github.com/systemd/systemdvia nvd-ref

b5fd14693057

https://github.com/systemd/systemdvia nvd-ref

efa6ba2ab625

https://github.com/systemd/systemdvia nvd-ref

Vulnerability mechanics

Synthesis attempt was rejected by the grounding validator. Re-run pending.

References

11

News mentions

0

No linked articles in our index yet.