#VU17752 Input validation error in systemd


Vulnerability identifier: #VU17752

Vulnerability risk: Low

CVSSv3.1: 5.4 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-6454

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
systemd
Server applications / Other server solutions

Vendor: Freedesktop.org

Description
The vulnerability allows a local unauthenticated attacker to cause DoS condition on the target system.

The weakness exists due to incorrect handling of certain D-Bus messages. A local attacker can supply specially crafted D-Bus messages to crash the init process, resulting in a system denial-of-service (kernel panic).

Mitigation
Install update from vendor's website.

Vulnerable software versions

systemd: All versions

External links
http://github.com/systemd/systemd/commit/612b74d32f970c43c14ad087ad086424792981b1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Dell EMC Unity Family
Multiple vulnerabilities in Dell EMC Cyber Recovery
Red Hat update for systemd
Red Hat update for systemd
Red Hat update for systemd
OpenSUSE Linux update for systemd
Red Hat update for systemd
Gentoo update for systemd
Red Hat update for redhat-virtualization-host
OpenSUSE Linux update for systemd