CVE-2018-15686: systemd: state injection during daemon-reexec
Bug #1849200 reported by Bruce Jones
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
StarlingX | Fix Released | Critical | Jim Somerville | |
Bug Description
CVE-2018-15686
status: fixed
cvss2Score: 10
Attack Vector: N
Access Complexity: L
Authentication: N
Availability Impact: C
Affected packages:
['libgudev1', 'systemd', 'systemd-libs', 'systemd-sysv']
A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.
https:/
CVE References
tags: | added: stx.security |
Changed in starlingx: | |
importance: | Undecided → Critical |
tags: | added: stx.3.0 |
Changed in starlingx: | |
status: | New → Triaged |
Changed in starlingx: | |
assignee: | nobody → Cindy Xie (xxie1) |
Changed in starlingx: | |
assignee: | Cindy Xie (xxie1) → Jim Somerville (jsomervi) |
tags: | added: in-r-stx20 |
This CVE meets the fix criteria for StarlingX. Therefore, it needs to be fixed in master for stx.3.0 and then cherry-picked to r/stx.2.0.