[Debian] Medium CVE: CVE-2022-3821/CVE-2022-4415: systemd: multiple CVEs

Bug #2021448 reported by Yue Tao
Affects: StarlingX
Status: Fix Released
Importance: Medium
Assigned to: Li Zhou
Milestone:

Bug Description

CVE-2022-3821: https://nvd.nist.gov/vuln/detail/CVE-2022-3821

An off-by-one error was discovered in systemd in the format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that lead to a buffer overrun in format_timespan(), leading to a denial of service.

CVE-2022-4415: https://nvd.nist.gov/vuln/detail/CVE-2022-4415

A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.

Base Score: Medium

Reference:

https://security-tracker.debian.org/tracker/CVE-2022-3821

https://security-tracker.debian.org/tracker/CVE-2022-4415

A source package in integ repository

systemd_247.3-7+deb11u2

CVE References

Yue Tao (wrytao)
information type: Public → Public Security
Changed in starlingx:
importance: Undecided → Medium
status: New → Triaged
tags: added: stx.9.0 stx.security
Li Zhou (lzhou2)
Changed in starlingx:
assignee: nobody → Li Zhou (lzhou2)
Ghada Khalil (gkhalil) wrote :
Changed in starlingx:
status: Triaged → Fix Released