发布时间: 2022年12月3日
修改时间: 2022年12月9日
systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file.
| NVD | openEuler | |
|---|---|---|
| CVSS评分 | 5.5 | 0.0 |
| Attack Vector | Local | |
| Attack Complexity | Low | |
| Privileges Required | Low | |
| User Interaction | None | |
| Scope | Unchanged | |
| Confidentiality | None | |
| Integrity | None | |
| Availability | High |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2022-2670 | systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file. | 2022年12月3日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-4A | systemd | Unaffected |
| KY3.4-5A | systemd | Unaffected |
| KY3.5.1 | systemd | Unaffected |
