PT-2022-7108 · Systemd+9

Matthias Gerstner · Published 2022-12-21 · Updated 2025-06-19 · CVE-2022-4415

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

systemd versions 247 and later; affected builds include those with libacl support

Description

A security flaw in systemd-coredump can cause a local information leak because it does not respect the fs.suid_dumpable kernel setting. This issue allows an unprivileged local user to determine the contents of memory from privileged processes run with the suid root flag. The problem is present in the default configuration of various Linux distributions, including openSUSE, Arch, Debian, Fedora, and SLES.

Recommendations

For systemd versions 247 and later with libacl support, update to a version that includes the fix for this issue; patches are already available on GitHub. As a temporary workaround, consider restricting access to the vulnerable systemd-coredump component to minimize the risk of exploitation.

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

ALSA-2023:0837
ALSA-2023:0954
ALT-PU-2022-3406
ALT-PU-2022-3446
ALT-PU-2023-1099
ALT-PU-2023-2110
AZL-12970
AZL-12971
AZL-35293
BDU:2023-07591
CESA-2023_0837
CVE-2022-4415
MGASA-2023-0217
OESA-2023-1027
OESA-2023-1028
OPENSUSE-SU-2022_4629-1
OPENSUSE-SU-2022_4630-1
OPENSUSE-SU-2023_0201-1
OPENSUSE-SU-2024:12576-1
RHSA-2023:0837
RHSA-2023:0954
RHSA-2023_0837
RHSA-2023_0954
RHSA-2024:1105
RLSA-2023:0837
RLSA-2023:0954
SUSE-SU-2022:4627-1
SUSE-SU-2022:4629-1
SUSE-SU-2022:4630-1
SUSE-SU-2022_4627-1
SUSE-SU-2022_4629-1
SUSE-SU-2022_4630-1
SUSE-SU-2023:0058-1
SUSE-SU-2023:0201-1
SUSE-SU-2023:1776-1
SUSE-SU-2023_0058-1
SUSE-SU-2023_0201-1
SUSE-SU-2025:02019-1
SUSE-SU-2025_02019-1
USN-5928-1

Affected Products

ALT Linux
AlmaLinux
CentOS
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu
systemd