An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).
History
07 Nov 2023, 03:13
Type | Values Removed | Values Added |
---|---|---|
References | | |
20 Feb 2022, 06:08
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-787 | |
First Time | Redhat enterprise Linux Compute Node Eus; Redhat enterprise Linux For Power Little Endian; Redhat enterprise Linux Server Update Services For Sap Solutions; Redhat enterprise Linux For Power Big Endian Eus; Redhat enterprise Linux Eus; Redhat enterprise Linux Server For Power Little Endian Update Services For Sap Solutions; Redhat enterprise Linux; Redhat enterprise Linux For Power Little Endian Eus; Mcafee; Mcafee web Gateway; Redhat enterprise Linux For Ibm Z Systems Eus | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2021/07/20/2 - Exploit, Mailing List, Third Party Advisory | |
References | (CONFIRM) https://kc.mcafee.com/corporate/index?page=content&id=SB10278 - Patch, Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:1322 - Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html - Mailing List, Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:1502 - Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:0990 - Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:2805 - Third Party Advisory |
28 Jan 2022, 19:12
Type | Values Removed | Values Added |
---|---|---|
References | | |
CPE | cpe:2.3:a:systemd_project:systemd:239:*:*:*:*:*:*:* | |
First Time | Systemd Project; Systemd Project systemd |
Information
Published : 2019-03-21 16:01
Updated : 2023-12-10 12:59
NVD link : CVE-2019-6454
Mitre link : CVE-2019-6454
CVE.ORG link : CVE-2019-6454
Products Affected
redhat
- enterprise_linux_server
- enterprise_linux_server_aus
- enterprise_linux_for_power_big_endian_eus
- enterprise_linux_compute_node_eus
- enterprise_linux_for_ibm_z_systems_eus
- enterprise_linux_for_power_little_endian_eus
- enterprise_linux_desktop
- enterprise_linux_server_tus
- enterprise_linux_server_update_services_for_sap_solutions
- enterprise_linux_workstation
- enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
- enterprise_linux
- enterprise_linux_server_eus
- enterprise_linux_for_power_little_endian
- enterprise_linux_eus
systemd_project
- systemd
netapp
- active_iq_performance_analytics_services
fedoraproject
- fedora
opensuse
- leap
mcafee
- web_gateway
debian
- debian_linux
canonical
- ubuntu_linux
CWE
CWE-787
Out-of-bounds Write