Systemd Project Systemd vulnerabilities
61 known vulnerabilities affecting systemd_project/systemd.
Total CVEs
61
CISA KEV
0
Public exploits
7
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH20MEDIUM30LOW7
Vulnerabilities
Page 3 of 4
CVE-2026-40227P4MEDIUMCVSS 5.5v2602026-04-10
CVE-2026-40227 [MEDIUM] CWE-1025 CVE-2026-40227: In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with
In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element.
nvd
CVE-2026-40223P4MEDIUMCVSS 5.5≥ 258, < 2602026-04-10
CVE-2026-40223 [MEDIUM] CWE-696 CVE-2026-40223: In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and U
In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User= unit exists and is running.
nvd
CVE-2013-4392P4MEDIUMCVSS 5.0fixed in 2392013-10-28
CVE-2013-4392 [MEDIUM] CWE-59 CVE-2013-4392: systemd, when updating file permissions, allows local users to change the permissions and SELinux se
systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.
nvd
CVE-2012-0871P4MEDIUMCVSS 6.3≤ 037v1+35 more2014-04-18
CVE-2012-0871 [MEDIUM] CWE-59 CVE-2012-0871: The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibl
The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/.
nvdosv
CVE-2013-4327P4MEDIUMCVSS 6.9≤ 2072013-10-03
CVE-2013-4327 [MEDIUM] CVE-2013-4327: systemd does not properly use D-Bus for communication with a polkit authority, which allows local us
systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
nvdosv
CVE-2013-4394P4MEDIUMCVSS 5.9fixed in 1942013-10-28
CVE-2013-4394 [MEDIUM] CWE-276 CVE-2013-4394: The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the
The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors involving "special and control characters."
nvdosv
CVE-2022-3821P4MEDIUMCVSS 5.5≤ 251vFixed in systemd v252-rc12022-11-08
CVE-2022-3821 [MEDIUM] CWE-193 CVE-2022-3821: An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An
An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.
nvdosv
CVE-2012-1101P4MEDIUMCVSS 5.5v372020-03-11
CVE-2012-1101 [MEDIUM] CVE-2012-1101: systemd 37-1 does not properly handle non-existent services, which causes a denial of service (failu
systemd 37-1 does not properly handle non-existent services, which causes a denial of service (failure of login procedure).
nvdosv
CVE-2022-45873P4MEDIUMCVSS 5.5≥ 250, ≤ 251v2522022-11-23
CVE-2022-45873 [MEDIUM] CWE-400 CVE-2022-45873: systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash
systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to caus
nvdosv
CVE-2018-20839P4MEDIUMCVSS 4.3v2422019-05-17
CVE-2018-20839 [MEDIUM] CVE-2018-20839: systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords i
systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.
nvd
CVE-2019-15718P4MEDIUMCVSS 4.4v2402019-09-04
CVE-2019-15718 [MEDIUM] CVE-2019-15718: In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd
In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order
nvdosv
CVE-2018-16888P4MEDIUMCVSS 4.7fixed in 2372019-01-14
CVE-2018-16888 [MEDIUM] CWE-250 CVE-2018-16888: It was discovered systemd does not correctly check the content of PIDFile files before using it to k
It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/
nvdosv
CVE-2016-7796P4MEDIUMCVSS 5.5v209v213+2 more2016-10-13
CVE-2016-7796 [MEDIUM] CWE-20 CVE-2016-7796: The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (
The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled.
nvdosv
CVE-2016-7795P4MEDIUMCVSS 5.5≤ 2312016-10-13
CVE-2016-7795 [MEDIUM] CWE-20 CVE-2016-7795: The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a
The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 hang) via a zero-length message received over a notify socket.
nvdosv
CVE-2026-40228P4LOWCVSS 3.3v2592026-04-10
CVE-2026-40228 [LOW] CWE-669 CVE-2026-40228: In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users
In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is executed, if ForwardToWall=yes is set.
nvd
CVE-2018-16866P4LOWCVSS 3.3≥ 221, ≤ 2392019-01-11
CVE-2018-16866 [LOW] CWE-125 CVE-2018-16866: An out of bounds read was discovered in systemd-journald in the way it parses log messages that term
An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.
nvdosv
CVE-2012-1174P4LOWCVSS 3.3≥ 0, < 44-12012-07-12
CVE-2012-1174 [LOW] CVE-2012-1174: The rm_rf_children function in util
The rm_rf_children function in util.c in the systemd-logind login manager in systemd before 44, when logging out, allows local users to delete arbitrary files via a symlink attack on unspecified files, related to "particular records related with user session."
osv
CVE-2014-9770P4LOWCVSS 3.3≥ 0, < 215-12016-04-20
CVE-2014-9770 [LOW] CVE-2014-9770: tmpfiles
tmpfiles.d/systemd.conf in systemd before 214 uses weak permissions for journal files under (1) /run/log/journal/%m and (2) /var/log/journal/%m, which allows local users to obtain sensitive information by reading these files.
osv
CVE-2015-8842P4LOWCVSS 3.3≥ 0, < 215-12016-04-20
CVE-2015-8842 [LOW] CVE-2015-8842: tmpfiles
tmpfiles.d/systemd.conf in systemd before 229 uses weak permissions for /var/log/journal/%m/system.journal, which allows local users to obtain sensitive information by reading the file.
osv
CVE-2013-4393P4LOWCVSS 2.1fixed in 1942013-10-28
CVE-2013-4393 [LOW] CVE-2013-4393: journald in systemd, when the origin of native messages is set to file, allows local users to cause
journald in systemd, when the origin of native messages is set to file, allows local users to cause a denial of service (logging service blocking) via a crafted file descriptor.
nvdosv