CVE-2020-1712

Published: 05 February 2020

A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.

Priority

Medium

CVSS 3 base score: 7.8

Status

Package Release Status
systemd
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo)
Released (244.1-0ubuntu3)
Ubuntu 20.04 LTS (Focal Fossa)
Released (244.1-0ubuntu3)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (237-3ubuntu10.38)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (229-4ubuntu21.27)
Ubuntu 14.04 ESM (Trusty Tahr) Needs triage

Patches:
Upstream: https://github.com/poettering/systemd/commits/polkit-ref-count
Upstream: https://github.com/systemd/systemd/commit/ea0d0ede03c6f18dbc5036c5e9cccf97e415ccc2