CVE-2020-1712
Description
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.105
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| system and service manager (USN-4269-1) systemd_242-7ubuntu3.6_i386.deb | Linux |
| system and service manager (USN-4269-1) systemd_242-7ubuntu3.6_amd64.deb | Linux |
| system and service manager (USN-4269-1) systemd_229-4ubuntu21.27_i386.deb | Linux |
| system and service manager (USN-4269-1) systemd_229-4ubuntu21.27_amd64.deb | Linux |
| system and service manager (USN-4269-1) systemd_237-3ubuntu10.38_i386.deb | Linux |
| system and service manager (USN-4269-1) systemd_237-3ubuntu10.38_amd64.deb | Linux |
| SUSE-SU-2020:0331-1(SUSE Linux Enterprise Desktop 12-SP4 ) libsystemd0-228-150.82.1.x86_64.rpm | Linux |
| SUSE-SU-2020:0331-1(SUSE Linux Enterprise Desktop 12-SP4 ) libsystemd0-32bit-228-150.82.1.x86_64.rpm | Linux |
| SUSE-SU-2020:0331-1(SUSE Linux Enterprise Desktop 12-SP4 ) libsystemd0-debuginfo-228-150.82.1.x86_64.rpm | Linux |
| SUSE-SU-2020:0331-1(SUSE Linux Enterprise Desktop 12-SP4 ) libsystemd0-debuginfo-32bit-228-150.82.1.x86_64.rpm | Linux |
| SUSE-SU-2020:0331-1(SUSE Linux Enterprise Desktop 12-SP4 ) libudev1-228-150.82.1.x86_64.rpm | Linux |
| SUSE-SU-2020:0331-1(SUSE Linux Enterprise Desktop 12-SP4 ) libudev1-32bit-228-150.82.1.x86_64.rpm | Linux |
| SUSE-SU-2020:0331-1(SUSE Linux Enterprise Desktop 12-SP4 ) libudev1-debuginfo-228-150.82.1.x86_64.rpm | Linux |
| SUSE-SU-2020:0331-1(SUSE Linux Enterprise Desktop 12-SP4 ) libudev1-debuginfo-32bit-228-150.82.1.x86_64.rpm | Linux |
| SUSE-SU-2020:0331-1(SUSE Linux Enterprise Desktop 12-SP4 ) systemd-228-150.82.1.x86_64.rpm | Linux |
| SUSE-SU-2020:0331-1(SUSE Linux Enterprise Desktop 12-SP4 ) systemd-32bit-228-150.82.1.x86_64.rpm | Linux |
| SUSE-SU-2020:0331-1(SUSE Linux Enterprise Desktop 12-SP4 ) systemd-bash-completion-228-150.82.1.noarch.rpm | Linux |
| SUSE-SU-2020:0331-1(SUSE Linux Enterprise Desktop 12-SP4 ) systemd-debuginfo-228-150.82.1.x86_64.rpm | Linux |
| SUSE-SU-2020:0331-1(SUSE Linux Enterprise Desktop 12-SP4 ) systemd-debuginfo-32bit-228-150.82.1.x86_64.rpm | Linux |
| SUSE-SU-2020:0331-1(SUSE Linux Enterprise Desktop 12-SP4 ) systemd-debugsource-228-150.82.1.x86_64.rpm | Linux |
| SUSE-SU-2020:0331-1(SUSE Linux Enterprise Desktop 12-SP4 ) systemd-sysvinit-228-150.82.1.x86_64.rpm | Linux |
| SUSE-SU-2020:0331-1(SUSE Linux Enterprise Desktop 12-SP4 ) udev-228-150.82.1.x86_64.rpm | Linux |
| SUSE-SU-2020:0331-1(SUSE Linux Enterprise Desktop 12-SP4 ) udev-debuginfo-228-150.82.1.x86_64.rpm | Linux |
| Systemd update (ELSA-2020-0575) systemd-239-18.0.2.el8_1.4.x86_64.rpm | Linux |
| Systemd-container update (ELSA-2020-0575) systemd-container-239-18.0.2.el8_1.4.x86_64.rpm | Linux |
| Systemd-devel update (ELSA-2020-0575) systemd-devel-239-18.0.2.el8_1.4.x86_64.rpm | Linux |
| Systemd-journal-remote update (ELSA-2020-0575) systemd-journal-remote-239-18.0.2.el8_1.4.x86_64.rpm | Linux |
| Systemd-libs update (ELSA-2020-0575) systemd-libs-239-18.0.2.el8_1.4.x86_64.rpm | Linux |
| Systemd-pam update (ELSA-2020-0575) systemd-pam-239-18.0.2.el8_1.4.x86_64.rpm | Linux |
| Systemd-tests update (ELSA-2020-0575) systemd-tests-239-18.0.2.el8_1.4.x86_64.rpm | Linux |
| Systemd-udev update (ELSA-2020-0575) systemd-udev-239-18.0.2.el8_1.4.x86_64.rpm | Linux |
| Systemd update (ELSA-2020-0575) systemd-239-18.0.2.el8_1.4.i686.rpm | Linux |
| Systemd-container update (ELSA-2020-0575) systemd-container-239-18.0.2.el8_1.4.i686.rpm | Linux |
| Systemd-devel update (ELSA-2020-0575) systemd-devel-239-18.0.2.el8_1.4.i686.rpm | Linux |
| Systemd-libs update (ELSA-2020-0575) systemd-libs-239-18.0.2.el8_1.4.i686.rpm | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234