CVE-2020-1712

EUVD-2020-12567
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
redhatCNA
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
Affected Products (NVD)
VendorProductVersion
systemd_projectsystemd
𝑥
≤ 244
redhatceph_storage
4.0
redhatdiscovery
-
redhatmigration_toolkit
1.0
redhatopenshift_container_platform
4.0
redhatenterprise_linux
8.0
debiandebian_linux
9.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
systemd
bookworm
252.30-1~deb12u2
fixed
bullseye
247.3-7+deb11u5
fixed
bullseye (security)
247.3-7+deb11u6
fixed
jessie
not-affected
sid
256.7-3
fixed
trixie
256.7-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
systemd
bionic
Fixed 237-3ubuntu10.38
released
eoan
Fixed 242-7ubuntu3.6
released
focal
Fixed 244.1-0ubuntu3
released
groovy
Fixed 244.1-0ubuntu3
released
hirsute
Fixed 244.1-0ubuntu3
released
impish
Fixed 244.1-0ubuntu3
released
jammy
Fixed 244.1-0ubuntu3
released
kinetic
Fixed 244.1-0ubuntu3
released
lunar
Fixed 244.1-0ubuntu3
released
mantic
Fixed 244.1-0ubuntu3
released
noble
Fixed 244.1-0ubuntu3
released
trusty
needed
xenial
Fixed 229-4ubuntu21.27
released
Common Weakness Enumeration
References
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1712
https://github.com/systemd/systemd/commit/1068447e6954dc6ce52f099ed174c442cb89ed54
https://github.com/systemd/systemd/commit/637486261528e8aa3da9f26a4487dc254f4b7abb
https://github.com/systemd/systemd/commit/bc130b6858327b382b07b3985cf48e2aa9016b2d
https://github.com/systemd/systemd/commit/ea0d0ede03c6f18dbc5036c5e9cccf97e415ccc2
https://lists.debian.org/debian-lts-announce/2022/06/msg00025.html
https://www.openwall.com/lists/oss-security/2020/02/05/1
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1712
https://github.com/systemd/systemd/commit/1068447e6954dc6ce52f099ed174c442cb89ed54
https://github.com/systemd/systemd/commit/637486261528e8aa3da9f26a4487dc254f4b7abb
https://github.com/systemd/systemd/commit/bc130b6858327b382b07b3985cf48e2aa9016b2d
https://github.com/systemd/systemd/commit/ea0d0ede03c6f18dbc5036c5e9cccf97e415ccc2
https://lists.debian.org/debian-lts-announce/2022/06/msg00025.html
https://www.openwall.com/lists/oss-security/2020/02/05/1