CVE-2019-6454 — Out-of-bounds Write in Project Systemd
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 70.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 21
Latest updateMay 13
Description
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages8 packages
Also affects: Debian Linux 8.0, 9.0, Fedora 29, Ubuntu Linux 16.04, 18.04, 18.10, Enterprise Linux 8.0, 7.4, 7.5, 8.1, 8.2, 8.4, 7.3, 7.6
Patches
🔴Vulnerability Details
3📋Vendor Advisories
5Microsoft▶
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D↗2019-03-12
Red Hat
▶
Debian▶
CVE-2019-6454: systemd - An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsys...↗2019