CVE-2018-20839

Published: 17 May 2019

systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package: systemd (Launchpad, Ubuntu, Debian)

Release                            Status
Upstream                           Needed
Ubuntu 21.04 (Hirsute Hippo)       Not vulnerable
Ubuntu 20.04 LTS (Focal Fossa)     Not vulnerable
Ubuntu 18.04 LTS (Bionic Beaver)   Not vulnerable
Ubuntu 16.04 ESM (Xenial Xerus)    Not vulnerable
Ubuntu 14.04 ESM (Trusty Tahr)     Not vulnerable

Patches:
Upstream: https://github.com/systemd/systemd/commit/9725f1a10f80f5e0ae7d9b60547458622aeb322f
Upstream: https://github.com/systemd/systemd/commit/bb5ac84d79ac3aef606a4a9eeaafef94a1f199be
Upstream: https://github.com/systemd/systemd/commit/13a43c73d8cbac4b65472de04bb88ea1bacdeb89

Notes

Author: seth-arnold
Note: Possible regression when running startx manually

Author: mdeslaur
Note: commit was reverted in (240-6ubuntu7)

possibly a bug in plymouth, not systemd

as of 2021-04-12, we can no longer reproduce this issue with all updates applied. I am therefore marking this CVE as not affecting systemd and closing it out. This was possibly fixed by the plymouth change in bug 1817738.

References

Bugs