CVE-2026-29111

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions systemd versions prior to 260-rc1 systemd versions prior to 259.2 systemd versions prior to 258.5 systemd versions prior to 257.11 systemd versions 239 through 249

Description systemd, a system and service manager, can freeze execution or experience stack overwriting when an unprivileged Inter-Process Communication (IPC) API call is made with invalid data. Versions prior to v239 are not affected. Versions v249 and earlier are susceptible to stack overwriting, allowing an attacker to control content. From version v250 onwards, the issue triggers an assert, preventing stack overwriting. The vulnerable IPC call was introduced in version v239.

Recommendations Update to systemd version 260-rc1 or later. Update to systemd version 259.2 or later. Update to systemd version 258.5 or later. Update to systemd version 257.11 or later.

Exploit

Fix

DoS

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

ALSA-2026:13651

ALSA-2026:13677

ALSA-2026:19068

ALSA-2026:19213

CVE-2026-29111

ECHO-BF64-F9B5-3E12

GHSA-GX6Q-6F99-M764

OESA-2026-1910

OESA-2026-1911

OESA-2026-1914

OESA-2026-1915

OESA-2026-2122

OESA-2026-2123

OPENSUSE-SU-2026:10624-1

OPENSUSE-SU-2026:20471-1

RHSA-2026:13651

RHSA-2026:13677

RHSA-2026:19068

RHSA-2026:19213

RHSA-2026:7299

SUSE-SU-2026:0990-1

SUSE-SU-2026:1040-1

SUSE-SU-2026:1061-1

SUSE-SU-2026:20822-1

SUSE-SU-2026:20826-1

SUSE-SU-2026:21003-1

SUSE-SU-2026:21144-1

USN-8119-1

USN-8119-2

Affected Products

Linuxmint

Rocky Linux

Ubuntu

Systemd

CVE-2026-29111

Weakness Enumeration

Related Identifiers

Affected Products

References · 83