Systemd · Systemd · CVE-2021-33910
**Name of the Vulnerable Software and Affected Versions**
systemd versions prior to 246.15
systemd versions prior to 247.8
systemd versions prior to 248.5
systemd versions prior to 249.1
**Description**
The issue is uncontrolled resource consumption in systemd, the system initialization and service management subsystem, involving the `alloca()` and `strdupa()` functions. A local attacker who controls a pathname can trigger a memory allocation with an excessive size value, causing a denial of service and potentially an operating system crash.
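The allocation pattern described above, next to a bounded form, as an added C example that is not systemd's code and not part of the original advisory. The names `trimmed_len`, `trim_path_stack` and `trim_path_checked` are hypothetical, and `PATH_MAX` is an assumed length bound.

```c
#include <alloca.h>
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>
#ifndef PATH_MAX
#define PATH_MAX 4096 /* assumed bound if the platform defines none */
#endif

/* Hypothetical helper: length of path with trailing slashes dropped. */
static size_t trimmed_len(const char *path, size_t len) {
    while (len > 1 && path[len - 1] == '/')
        len--;
    return len;
}

/* BEFORE: the copy lives on the stack (strdupa() is alloca() + memcpy()), so
 * its size is whatever the caller supplies; an oversized pathname crashes. */
size_t trim_path_stack(const char *path) {
    size_t len = strlen(path);
    char *copy = alloca(len + 1); /* unbounded stack allocation */
    memcpy(copy, path, len + 1);
    copy[trimmed_len(copy, len)] = '\0';
    return strlen(copy);
}

/* AFTER: bound the length, then copy to the heap; caller frees *out. */
int trim_path_checked(const char *path, char **out) {
    if (!path || !out)
        return -EINVAL;
    const char *end = memchr(path, '\0', PATH_MAX); /* scan at most PATH_MAX bytes */
    if (!end)
        return -ENAMETOOLONG; /* rejected with an error, not a crash */
    size_t len = (size_t)(end - path);
    char *copy = malloc(len + 1);
    if (!copy)
        return -ENOMEM;
    memcpy(copy, path, len);
    copy[trimmed_len(path, len)] = '\0';
    *out = copy;
    return 0;
}

int main(void) {
    char *out = NULL;
    int r = trim_path_checked("/mnt/data///", &out); /* constructed sample */
    free(out);
    return r == 0 ? 0 : 1;
}
```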
**Recommendations**
For versions prior to 246.15, update to version 246.15 or later.
For versions prior to 247.8, update to version 247.8 or later.
For versions prior to 248.5, update to version 248.5 or later.
For versions prior to 249.1, update to version 249.1 or later.