CVE-2022-4415

A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
CISA-ADPADP
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
VendorProductVersion
systemd_projectsystemd
246 ≤
𝑥
< 253
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
systemd
bullseye
247.3-7+deb11u5
fixed
buster
ignored
bullseye (security)
247.3-7+deb11u6
fixed
bookworm
252.30-1~deb12u2
fixed
sid
256.7-3
fixed
trixie
256.7-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
systemd
kinetic
Fixed 251.4-1ubuntu7.1
released
jammy
Fixed 249.11-0ubuntu3.7
released
focal
Fixed 245.4-4ubuntu3.20
released
bionic
ignored
xenial
ignored
trusty
not-affected
Common Weakness Enumeration
References
https://github.com/systemd/systemd/commit/b7641425659243c09473cd8fb3aef2c0d4a3eb9c
https://www.openwall.com/lists/oss-security/2022/12/21/3
https://github.com/systemd/systemd/commit/b7641425659243c09473cd8fb3aef2c0d4a3eb9c
https://security.netapp.com/advisory/ntap-20230216-0010/
https://www.openwall.com/lists/oss-security/2022/12/21/3