CVE-2022-45873

systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
Affected Products (NVD)
VendorProductVersion
systemd_projectsystemd
250 ≤
𝑥
≤ 251
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
systemd
bookworm
252.30-1~deb12u2
fixed
bullseye
247.3-7+deb11u5
not-affected
bullseye (security)
247.3-7+deb11u6
fixed
buster
not-affected
sid
256.7-3
fixed
trixie
256.7-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
systemd
bionic
not-affected
focal
not-affected
jammy
not-affected
kinetic
Fixed 251.4-1ubuntu7.1
released
trusty
not-affected
xenial
not-affected
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
systemd
RHEL 9
0:250-12.el9_1.3
fixed
systemd-container
RHEL 9
0:250-12.el9_1.3
fixed
systemd-devel
RHEL 9
0:250-12.el9_1.3
fixed
systemd-journal-remote
RHEL 9
0:250-12.el9_1.3
fixed
systemd-libs
RHEL 9
0:250-12.el9_1.3
fixed
systemd-oomd
RHEL 9
0:250-12.el9_1.3
fixed
systemd-pam
RHEL 9
0:250-12.el9_1.3
fixed
systemd-resolved
RHEL 9
0:250-12.el9_1.3
fixed
systemd-rpm-macros
RHEL 9
0:250-12.el9_1.3
fixed
systemd-udev
RHEL 9
0:250-12.el9_1.3
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
systemd
Amazon Linux 2023
0:252.4-1161.amzn2023.0.1
fixed
systemd-container
Amazon Linux 2023
0:252.4-1161.amzn2023.0.1
fixed
systemd-container-debuginfo
Amazon Linux 2023
0:252.4-1161.amzn2023.0.1
fixed
systemd-debuginfo
Amazon Linux 2023
0:252.4-1161.amzn2023.0.1
fixed
systemd-debugsource
Amazon Linux 2023
0:252.4-1161.amzn2023.0.1
fixed
systemd-devel
Amazon Linux 2023
0:252.4-1161.amzn2023.0.1
fixed
systemd-journal-remote
Amazon Linux 2023
0:252.4-1161.amzn2023.0.1
fixed
systemd-journal-remote-debuginfo
Amazon Linux 2023
0:252.4-1161.amzn2023.0.1
fixed
systemd-libs
Amazon Linux 2023
0:252.4-1161.amzn2023.0.1
fixed
systemd-libs-debuginfo
Amazon Linux 2023
0:252.4-1161.amzn2023.0.1
fixed
systemd-networkd
Amazon Linux 2023
0:252.4-1161.amzn2023.0.1
fixed
systemd-networkd-debuginfo
Amazon Linux 2023
0:252.4-1161.amzn2023.0.1
fixed
systemd-oomd-defaults
Amazon Linux 2023
0:252.4-1161.amzn2023.0.1
fixed
systemd-pam
Amazon Linux 2023
0:252.4-1161.amzn2023.0.1
fixed
systemd-pam-debuginfo
Amazon Linux 2023
0:252.4-1161.amzn2023.0.1
fixed
systemd-resolved
Amazon Linux 2023
0:252.4-1161.amzn2023.0.1
fixed
systemd-resolved-debuginfo
Amazon Linux 2023
0:252.4-1161.amzn2023.0.1
fixed
systemd-rpm-macros
Amazon Linux 2023
0:252.4-1161.amzn2023.0.1
fixed
systemd-standalone-sysusers
Amazon Linux 2023
0:252.4-1161.amzn2023.0.1
fixed
systemd-standalone-sysusers-debuginfo
Amazon Linux 2023
0:252.4-1161.amzn2023.0.1
fixed
systemd-standalone-tmpfiles
Amazon Linux 2023
0:252.4-1161.amzn2023.0.1
fixed
systemd-standalone-tmpfiles-debuginfo
Amazon Linux 2023
0:252.4-1161.amzn2023.0.1
fixed
systemd-tests
Amazon Linux 2023
0:252.4-1161.amzn2023.0.1
fixed
systemd-tests-debuginfo
Amazon Linux 2023
0:252.4-1161.amzn2023.0.1
fixed
systemd-udev
Amazon Linux 2023
0:252.4-1161.amzn2023.0.1
fixed
systemd-udev-debuginfo
Amazon Linux 2023
0:252.4-1161.amzn2023.0.1
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
systemd
CBL-Mariner 2.0
0:250.3-12.cm2
fixed
systemd-bootstrap
Azure Linux 3.0
0:250.3-17.azl3
fixed