PT-2026-25167 · Systemd · Systemd

Manizada

Publicado

2026-01-01

Atualizado

2026-05-12

CVE-2026-4105

CVSS v3.1

6.7

Média

Vetor

AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions systemd (affected versions not specified)

Description The systemd-machined service has an issue with access control due to inadequate validation of the class parameter within the RegisterMachine D-Bus method. A local user with limited privileges can exploit this by registering a machine with a specific class value. This action can create a machine object controlled by the attacker, enabling them to execute methods on a privileged object. Successful exploitation allows the attacker to run arbitrary commands with root privileges on the host system. The D-Bus method involved is RegisterMachine.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284

Identificadores relacionados

CVE-2026-4105

ECHO-230A-8355-8606

GHSA-4H6X-R8VX-3862

OESA-2026-1910

OESA-2026-1911

OESA-2026-1912

OESA-2026-1913

OESA-2026-1914

OESA-2026-1915

OPENSUSE-SU-2026:10624-1

OPENSUSE-SU-2026:20471-1

RHSA-2026:7299

SUSE-SU-2026:0990-1

SUSE-SU-2026:0991-1

SUSE-SU-2026:1040-1

SUSE-SU-2026:1061-1

SUSE-SU-2026:20822-1

SUSE-SU-2026:20826-1

SUSE-SU-2026:21003-1

SUSE-SU-2026:21144-1

Produtos afetados

Systemd

PT-2026-25167 · Systemd · Systemd

CVE-2026-4105

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 62