CVE-2019-6454

An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
VendorProductVersion
opensuseleap
15.0
netappactive_iq_performance_analytics_services
-
debiandebian_linux
8.0
debiandebian_linux
9.0
canonicalubuntu_linux
16.04
canonicalubuntu_linux
18.04
canonicalubuntu_linux
18.10
redhatenterprise_linux
8.0
redhatenterprise_linux_compute_node_eus
7.5
redhatenterprise_linux_desktop
7.0
redhatenterprise_linux_eus
7.4
redhatenterprise_linux_eus
7.5
redhatenterprise_linux_eus
8.1
redhatenterprise_linux_eus
8.2
redhatenterprise_linux_eus
8.4
redhatenterprise_linux_for_ibm_z_systems_eus
7.4
redhatenterprise_linux_for_ibm_z_systems_eus
7.5
redhatenterprise_linux_for_ibm_z_systems_eus
8.1
redhatenterprise_linux_for_ibm_z_systems_eus
8.2
redhatenterprise_linux_for_ibm_z_systems_eus
8.4
redhatenterprise_linux_for_power_big_endian_eus
7.4
redhatenterprise_linux_for_power_little_endian
8.0
redhatenterprise_linux_for_power_little_endian_eus
7.4
redhatenterprise_linux_for_power_little_endian_eus
7.5
redhatenterprise_linux_for_power_little_endian_eus
8.1
redhatenterprise_linux_for_power_little_endian_eus
8.2
redhatenterprise_linux_for_power_little_endian_eus
8.4
redhatenterprise_linux_server
7.0
redhatenterprise_linux_server_aus
7.3
redhatenterprise_linux_server_aus
7.4
redhatenterprise_linux_server_aus
7.6
redhatenterprise_linux_server_aus
8.2
redhatenterprise_linux_server_aus
8.4
redhatenterprise_linux_server_eus
7.6
redhatenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
7.3
redhatenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
7.4
redhatenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
8.0
redhatenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
8.1
redhatenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
8.2
redhatenterprise_linux_server_tus
7.3
redhatenterprise_linux_server_tus
7.4
redhatenterprise_linux_server_tus
7.6
redhatenterprise_linux_server_tus
8.2
redhatenterprise_linux_server_tus
8.4
redhatenterprise_linux_server_update_services_for_sap_solutions
7.3
redhatenterprise_linux_server_update_services_for_sap_solutions
7.4
redhatenterprise_linux_server_update_services_for_sap_solutions
8.0
redhatenterprise_linux_server_update_services_for_sap_solutions
8.1
redhatenterprise_linux_server_update_services_for_sap_solutions
8.2
redhatenterprise_linux_workstation
7.0
mcafeeweb_gateway
𝑥
< 7.7.2.21
mcafeeweb_gateway
7.8.0 ≤
𝑥
< 7.8.2.8
mcafeeweb_gateway
8.0.0 ≤
𝑥
< 8.1.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
systemd
bullseye
247.3-7+deb11u5
fixed
bullseye (security)
247.3-7+deb11u6
fixed
bookworm
252.30-1~deb12u2
fixed
sid
256.7-3
fixed
trixie
256.7-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
systemd
cosmic
Fixed 239-7ubuntu10.8
released
bionic
Fixed 237-3ubuntu10.13
released
xenial
Fixed 229-4ubuntu21.16
released
trusty
not-affected
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00070.html
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html
http://www.openwall.com/lists/oss-security/2019/02/18/3
http://www.openwall.com/lists/oss-security/2019/02/19/1
http://www.openwall.com/lists/oss-security/2021/07/20/2
http://www.securityfocus.com/bid/107081
https://access.redhat.com/errata/RHSA-2019:0368
https://access.redhat.com/errata/RHSA-2019:0990
https://access.redhat.com/errata/RHSA-2019:1322
https://access.redhat.com/errata/RHSA-2019:1502
https://access.redhat.com/errata/RHSA-2019:2805
https://github.com/systemd/systemd/commits/master/src/libsystemd/sd-bus/bus-objects.c
https://kc.mcafee.com/corporate/index?page=content&id=SB10278
https://lists.debian.org/debian-lts-announce/2019/02/msg00031.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N67IOBOTDOMVNQJ5QRU2MXLEECXPGNVJ/
https://security.netapp.com/advisory/ntap-20190327-0004/
https://usn.ubuntu.com/3891-1/
https://www.debian.org/security/2019/dsa-4393
http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00070.html
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html
http://www.openwall.com/lists/oss-security/2019/02/18/3
http://www.openwall.com/lists/oss-security/2019/02/19/1
http://www.openwall.com/lists/oss-security/2021/07/20/2
http://www.securityfocus.com/bid/107081
https://access.redhat.com/errata/RHSA-2019:0368
https://access.redhat.com/errata/RHSA-2019:0990
https://access.redhat.com/errata/RHSA-2019:1322
https://access.redhat.com/errata/RHSA-2019:1502
https://access.redhat.com/errata/RHSA-2019:2805
https://github.com/systemd/systemd/commits/master/src/libsystemd/sd-bus/bus-objects.c
https://kc.mcafee.com/corporate/index?page=content&id=SB10278
https://lists.debian.org/debian-lts-announce/2019/02/msg00031.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N67IOBOTDOMVNQJ5QRU2MXLEECXPGNVJ/
https://security.netapp.com/advisory/ntap-20190327-0004/
https://usn.ubuntu.com/3891-1/
https://www.debian.org/security/2019/dsa-4393