CVE-2022-45873

Name of the Vulnerable Software and Affected Versions systemd versions 250 through 251

Description The issue allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in the parse elf object function in shared/elf-util.c. The exploitation methodology involves crashing a binary calling the same function recursively and placing it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file.

Recommendations For versions 250 and 251, as a temporary workaround, consider restricting access to the systemd-coredump.socket file to minimize the risk of exploitation. Additionally, avoid setting MaxConnections to a high value for this socket file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.