Your submission was sent successfully! Close

CVE-2020-1712

Published: 5 February 2020

A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.

Priority

Medium

CVSS 3 base score: 7.8

Status

Package Release Status
systemd
Launchpad, Ubuntu, Debian
bionic
Released (237-3ubuntu10.38)
eoan
Released (242-7ubuntu3.6)
focal
Released (244.1-0ubuntu3)
groovy
Released (244.1-0ubuntu3)
hirsute
Released (244.1-0ubuntu3)
impish
Released (244.1-0ubuntu3)
jammy
Released (244.1-0ubuntu3)
precise Does not exist

trusty Needs triage

upstream Needs triage

xenial
Released (229-4ubuntu21.27)
Patches:
upstream: https://github.com/poettering/systemd/commits/polkit-ref-count
upstream: https://github.com/systemd/systemd/commit/ea0d0ede03c6f18dbc5036c5e9cccf97e415ccc2