Home

CVE-2019-6454

Description

An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).

Risk Information

Base Score
5.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.111

Associated Vulnerability

VulnerabilityOS Platform
system and service manager (USN-3816-1) systemd_237-3ubuntu10.13_amd64.debLinux
system and service manager (USN-3816-1) systemd_229-4ubuntu21.16_i386.debLinux
system and service manager (USN-3816-1) systemd_239-7ubuntu10.8_i386.debLinux
system and service manager (USN-3816-2) systemd_237-3ubuntu10.13_i386.debLinux
system and service manager (USN-3816-2) systemd_237-3ubuntu10.13_amd64.debLinux
system and service manager (USN-3816-2) systemd_239-7ubuntu10.8_i386.debLinux
system and service manager (USN-3816-2) systemd_239-7ubuntu10.8_amd64.debLinux
system and service manager (USN-3816-3) systemd_229-4ubuntu21.16_i386.debLinux
system and service manager (USN-3855-1) systemd_239-7ubuntu10.8_i386.debLinux
system and service manager (USN-3855-1) systemd_239-7ubuntu10.8_amd64.debLinux
system and service manager (USN-3855-1) systemd_229-4ubuntu21.16_i386.debLinux
system and service manager (USN-3855-1) systemd_237-3ubuntu10.13_i386.debLinux
system and service manager (USN-3855-1) systemd_237-3ubuntu10.13_amd64.debLinux
systemd security update(DSA-4393-1) systemd_232-25+deb9u9_i386.debLinux
systemd security update(DSA-4393-1) systemd_232-25+deb9u9_amd64.debLinux
SUSE-SU-2019:1265-1(SUSE Linux Enterprise Desktop 12-SP4 ) libsystemd0-228-150.66.4.x86_64.rpmLinux
SUSE-SU-2019:1265-1(SUSE Linux Enterprise Desktop 12-SP4 ) libsystemd0-32bit-228-150.66.4.x86_64.rpmLinux
SUSE-SU-2019:1265-1(SUSE Linux Enterprise Desktop 12-SP4 ) libsystemd0-debuginfo-228-150.66.4.x86_64.rpmLinux
SUSE-SU-2019:1265-1(SUSE Linux Enterprise Desktop 12-SP4 ) libsystemd0-debuginfo-32bit-228-150.66.4.x86_64.rpmLinux
SUSE-SU-2019:1265-1(SUSE Linux Enterprise Desktop 12-SP4 ) libudev1-228-150.66.4.x86_64.rpmLinux
SUSE-SU-2019:1265-1(SUSE Linux Enterprise Desktop 12-SP4 ) libudev1-32bit-228-150.66.4.x86_64.rpmLinux
SUSE-SU-2019:1265-1(SUSE Linux Enterprise Desktop 12-SP4 ) libudev1-debuginfo-228-150.66.4.x86_64.rpmLinux
SUSE-SU-2019:1265-1(SUSE Linux Enterprise Desktop 12-SP4 ) libudev1-debuginfo-32bit-228-150.66.4.x86_64.rpmLinux
SUSE-SU-2019:1265-1(SUSE Linux Enterprise Desktop 12-SP4 ) systemd-228-150.66.4.x86_64.rpmLinux
SUSE-SU-2019:1265-1(SUSE Linux Enterprise Desktop 12-SP4 ) systemd-32bit-228-150.66.4.x86_64.rpmLinux
SUSE-SU-2019:1265-1(SUSE Linux Enterprise Desktop 12-SP4 ) systemd-bash-completion-228-150.66.4.noarch.rpmLinux
SUSE-SU-2019:1265-1(SUSE Linux Enterprise Desktop 12-SP4 ) systemd-debuginfo-228-150.66.4.x86_64.rpmLinux
SUSE-SU-2019:1265-1(SUSE Linux Enterprise Desktop 12-SP4 ) systemd-debuginfo-32bit-228-150.66.4.x86_64.rpmLinux
SUSE-SU-2019:1265-1(SUSE Linux Enterprise Desktop 12-SP4 ) systemd-debugsource-228-150.66.4.x86_64.rpmLinux
SUSE-SU-2019:1265-1(SUSE Linux Enterprise Desktop 12-SP4 ) systemd-sysvinit-228-150.66.4.x86_64.rpmLinux
SUSE-SU-2019:1265-1(SUSE Linux Enterprise Desktop 12-SP4 ) udev-228-150.66.4.x86_64.rpmLinux
SUSE-SU-2019:1265-1(SUSE Linux Enterprise Desktop 12-SP4 ) udev-debuginfo-228-150.66.4.x86_64.rpmLinux
system and service manager (USN-3891-1) libsystemd0_237-3ubuntu10.13_i386.debLinux
system and service manager (USN-3891-1) libsystemd0_237-3ubuntu10.13_amd64.debLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234