systemd Project systemd 252 Release Candidate 1

CPE Details

systemd Project systemd 252 Release Candidate 1
systemd_project
systemd
252
2022-11-28
13h09 +00:00
2022-11-28
13h35 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:systemd_project:systemd:252:rc1:*:*:*:*:*:*

Informations

Vendor

systemd_project

Product

systemd

Version

252

Update

rc1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-4415 2023-01-10 23h00 +00:00 A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.
5.5
Medium
CVE-2022-45873 2022-11-23 00h00 +00:00 systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file.
5.5
Medium
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.