cbcvebase.

Systemd Project Systemd vulnerabilities

61 known vulnerabilities affecting systemd_project/systemd.

Total CVEs
61
CISA KEV
0
Public exploits
7
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH20MEDIUM30LOW7

Vulnerabilities

Page 2 of 4
CVE-2022-2526P3CRITICALCVSS 9.8v2402022-09-09
CVE-2022-2526 [CRITICAL] CWE-416 CVE-2022-2526: A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() fun A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when
nvdosv
CVE-2020-1712P3HIGHCVSS 7.8≤ 2442020-03-31
CVE-2020-1712 [HIGH] CWE-416 CVE-2020-1712: A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.
nvdosv
CVE-2018-6954P3HIGHCVSS 7.8≤ 2372018-02-13
CVE-2018-6954 [HIGH] CWE-59 CVE-2018-6954: systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turne
nvdosv
CVE-2026-40224P3HIGHCVSS 7.3≥ 259, < 259.32026-04-10
CVE-2026-40224 [HIGH] CWE-863 CVE-2026-40224: In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink c In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace.
nvd
CVE-2026-4105P3MEDIUMCVSS 6.7≥ 0, < 260~rc3-12026-03-13
CVE-2026-4105 [MEDIUM] CVE-2026-4105: A flaw was found in systemd A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods o
osv
CVE-2018-1049P4MEDIUMCVSS 5.9fixed in 2342018-02-16
CVE-2018-1049 [MEDIUM] CWE-362 CVE-2018-1049: In systemd prior to 234 a race condition exists between .mount and .automount units such that automo In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted.
nvdosv
CVE-2021-33910P4MEDIUMCVSS 5.5fixed in 246.15≥ 247, < 247.8+2 more2021-07-20
CVE-2021-33910 [MEDIUM] CWE-770 CVE-2021-33910: basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with a basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.
nvdosv
CVE-2026-40225P4MEDIUMCVSS 6.4fixed in 257.13≥ 258, < 258.7+1 more2026-04-10
CVE-2026-40225 [MEDIUM] CWE-669 CVE-2026-40225: In udev in systemd before 260, local root execution can occur via malicious hardware devices and uns In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.
nvd
CVE-2020-13776P4MEDIUMCVSS 6.7≤ 2452020-06-03
CVE-2020-13776 [MEDIUM] CVE-2020-13776: systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x fo systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.
nvdosv
CVE-2023-7008P4MEDIUMCVSS 5.9v252023-12-23
CVE-2023-7008 [MEDIUM] CWE-300 CVE-2023-7008: A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept recor A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.
nvdosv
CVE-2026-40226P4MEDIUMCVSS 6.4≥ 233, < 257.12≥ 258, < 258.6+1 more2026-04-10
CVE-2026-40226 [MEDIUM] CWE-348 CVE-2026-40226: In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted op In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.
nvd
CVE-2020-13529P4MEDIUMCVSS 6.1v245vCanonical Ubuntu 20.04 LTS, Systemd 2452021-05-10
CVE-2020-13529 [MEDIUM] CWE-290 CVE-2020-13529: An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCE An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server.
nvdosv
CVE-2026-29111P4MEDIUMCVSS 5.5≥ 239, < 257.11≥ 258, < 258.5+1 more2026-03-23
CVE-2026-29111 [MEDIUM] CWE-269 CVE-2026-29111: systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unpri systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this is not possible as the safety check causes an assert
nvdosv
CVE-2023-31439P4MEDIUMCVSS 5.3v2532023-06-13
CVE-2023-31439 [MEDIUM] CWE-354 CVE-2023-31439: An issue was discovered in systemd 253. An attacker can modify the contents of past events in a seal An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."
nvd
CVE-2023-31437P4MEDIUMCVSS 5.3v2532023-06-13
CVE-2023-31437 [MEDIUM] CWE-354 CVE-2023-31437: An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."
nvd
CVE-2023-31438P4MEDIUMCVSS 5.3v2532023-06-13
CVE-2023-31438 [MEDIUM] CWE-354 CVE-2023-31438: An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume l An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."
nvd
CVE-2025-4598P4MEDIUMCVSS 4.7fixed in 252.37≥ 253, < 253.32+4 more2025-05-30
CVE-2025-4598 [MEDIUM] CWE-364 CVE-2025-4598: A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type o
nvdosv
CVE-2019-6454P4MEDIUMCVSS 5.5v2392019-03-21
CVE-2019-6454 [MEDIUM] CWE-787 CVE-2019-6454: An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-obje An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the sta
nvdosv
CVE-2022-4415P4MEDIUMCVSS 5.5≥ 246, < 253vsystemd >= 2472023-01-11
CVE-2022-4415 [MEDIUM] CWE-200 CVE-2022-4415: A vulnerability was found in systemd. This security flaw can cause a local information leak due to s A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.
nvdosv
CVE-2021-3997P4MEDIUMCVSS 5.5≥ 240, < 250.2vFixed in v251-rc12022-08-23
CVE-2021-3997 [MEDIUM] CWE-674 CVE-2021-3997: A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of s A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.
nvdosv
Systemd Project Systemd vulnerabilities | cvebase