rpm package
opensuse/systemd&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/systemd&distro=openSUSE%20Tumbleweed
Vulnerabilities (29)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-29111 | Med | 5.5 | < 259.5-1.3 | 259.5-1.3 | Mar 23, 2026 | systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v2 | |
| CVE-2026-4105 | Med | 6.7 | < 259.5-1.3 | 259.5-1.3 | Mar 13, 2026 | A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to registe | |
| CVE-2025-4598 | Med | 4.7 | < 257.7-1.1 | 257.7-1.1 | May 30, 2025 | A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, load | |
| CVE-2023-7008 | — | < 254.8-4.1 | 254.8-4.1 | Dec 23, 2023 | A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records. | ||
| CVE-2022-4415 | — | < 252.3-2.1 | 252.3-2.1 | Jan 11, 2023 | A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting. | ||
| CVE-2022-3821 | — | < 254.5-3.1 | 254.5-3.1 | Nov 8, 2022 | An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service. | ||
| CVE-2021-3997 | — | < 249.7-3.1 | 249.7-3.1 | Aug 23, 2022 | A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp. | ||
| CVE-2021-33910 | — | < 249.4-2.2 | 249.4-2.2 | Jul 20, 2021 | basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash. | ||
| CVE-2020-13529 | — | < 249.4-2.2 | 249.4-2.2 | May 10, 2021 | An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigu | ||
| CVE-2020-1712 | — | < 249.4-2.2 | 249.4-2.2 | Mar 31, 2020 | A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate thei | ||
| CVE-2019-20386 | — | < 249.4-2.2 | 249.4-2.2 | Jan 21, 2020 | An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur. | ||
| CVE-2018-21029 | — | < 249.4-2.2 | 249.4-2.2 | Oct 30, 2019 | systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent, and there is no hostname validation with the GnuTLS backend. NOTE: This has been disputed by the developer as not a vulnerability | ||
| CVE-2019-3843 | — | < 249.4-2.2 | 249.4-2.2 | Apr 26, 2019 | It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a | ||
| CVE-2019-3844 | — | < 249.4-2.2 | 249.4-2.2 | Apr 26, 2019 | It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access r | ||
| CVE-2019-3842 | — | < 249.4-2.2 | 249.4-2.2 | Apr 9, 2019 | In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be | ||
| CVE-2019-6454 | — | < 249.4-2.2 | 249.4-2.2 | Mar 17, 2019 | An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a speciall | ||
| CVE-2018-16865 | — | < 249.4-2.2 | 249.4-2.2 | Jan 11, 2019 | An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw | ||
| CVE-2018-16864 | — | < 249.4-2.2 | 249.4-2.2 | Jan 11, 2019 | An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate hi | ||
| CVE-2018-15688 | — | < 249.4-2.2 | 249.4-2.2 | Oct 26, 2018 | A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239. | ||
| CVE-2018-15687 | — | < 249.4-2.2 | 249.4-2.2 | Oct 26, 2018 | A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239. |
- affected < 259.5-1.3fixed 259.5-1.3
systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v2
- affected < 259.5-1.3fixed 259.5-1.3
A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to registe
- affected < 257.7-1.1fixed 257.7-1.1
A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, load
- CVE-2023-7008Dec 23, 2023affected < 254.8-4.1fixed 254.8-4.1
A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.
- CVE-2022-4415Jan 11, 2023affected < 252.3-2.1fixed 252.3-2.1
A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.
- CVE-2022-3821Nov 8, 2022affected < 254.5-3.1fixed 254.5-3.1
An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.
- CVE-2021-3997Aug 23, 2022affected < 249.7-3.1fixed 249.7-3.1
A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.
- CVE-2021-33910Jul 20, 2021affected < 249.4-2.2fixed 249.4-2.2
basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.
- CVE-2020-13529May 10, 2021affected < 249.4-2.2fixed 249.4-2.2
An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigu
- CVE-2020-1712Mar 31, 2020affected < 249.4-2.2fixed 249.4-2.2
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate thei
- CVE-2019-20386Jan 21, 2020affected < 249.4-2.2fixed 249.4-2.2
An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur.
- CVE-2018-21029Oct 30, 2019affected < 249.4-2.2fixed 249.4-2.2
systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent, and there is no hostname validation with the GnuTLS backend. NOTE: This has been disputed by the developer as not a vulnerability
- CVE-2019-3843Apr 26, 2019affected < 249.4-2.2fixed 249.4-2.2
It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a
- CVE-2019-3844Apr 26, 2019affected < 249.4-2.2fixed 249.4-2.2
It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access r
- CVE-2019-3842Apr 9, 2019affected < 249.4-2.2fixed 249.4-2.2
In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be
- CVE-2019-6454Mar 17, 2019affected < 249.4-2.2fixed 249.4-2.2
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a speciall
- CVE-2018-16865Jan 11, 2019affected < 249.4-2.2fixed 249.4-2.2
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw
- CVE-2018-16864Jan 11, 2019affected < 249.4-2.2fixed 249.4-2.2
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate hi
- CVE-2018-15688Oct 26, 2018affected < 249.4-2.2fixed 249.4-2.2
A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.
- CVE-2018-15687Oct 26, 2018affected < 249.4-2.2fixed 249.4-2.2
A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239.
Page 1 of 2