PT-2020-2141 · Systemd+5 · Systemd+5

Tavis Ormandy

Published

2019-12-20

Updated

2024-06-15

CVE-2020-1712

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions systemd versions prior to v245-rc1

Description A heap use-after-free vulnerability was found in systemd, where asynchronous Polkit queries are performed while handling dbus messages. This issue can be exploited by a local unprivileged attacker to crash systemd services or potentially execute code and elevate their privileges by sending specially crafted dbus messages. The vulnerability allows an attacker to access confidential data, compromise its integrity, and cause a denial of service.

Recommendations For versions prior to v245-rc1, update to version v245-rc1 or later to resolve the issue. As a temporary workaround, consider restricting access to dbus messages to minimize the risk of exploitation. Avoid using asynchronous Polkit queries while handling dbus messages until the issue is resolved. At the moment, there is no other information about additional mitigation measures.

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2019-3351

ALT-PU-2020-1241

ALT-PU-2020-1301

ALT-PU-2021-1673

ALT-PU-2021-1950

BDU:2020-02039

CESA-2020_0575

CVE-2020-1712

DLA-3063-1

MGASA-2020-0094

OPENSUSE-SU-2020:0208-1

OPENSUSE-SU-2020_0208-1

OPENSUSE-SU-2024:11420-1

RHSA-2020:0564

RHSA-2020:0575

RHSA-2020_0575

SUSE-RU-2020:0793-1

SUSE-SU-2020:0331-1

SUSE-SU-2020:0335-1

SUSE-SU-2020:0353-1

SUSE-SU-2020_0331-1

SUSE-SU-2020_0353-1

USN-4269-1

Affected Products

Alt Linux

Centos

Red Hat

Suse

Ubuntu

Systemd

PT-2020-2141 · Systemd+5 · Systemd+5

CVE-2020-1712

Weakness Enumeration

Related Identifiers

Affected Products

References · 95