CVE-2022-45873

systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/systemd/systemd/commit/076b807be472630692c5348c60d0c2b7b28ad437	Patch Third Party Advisory
https://github.com/systemd/systemd/pull/24853#issuecomment-1326561497	Issue Tracking Patch Third Party Advisory
https://github.com/systemd/systemd/pull/25055#issuecomment-1313733553	Issue Tracking Patch Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MS5N5SLYAHKENLAJWYBDKU55ICU3SVZF/

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:systemd_project:systemd::::::::
	cpe:2.3:a:systemd_project:systemd:252:rc1::::::
	cpe:2.3:a:systemd_project:systemd:252:rc2::::::

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

History

07 Nov 2023, 03:54

Type	Values Removed	Values Added
References	{'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MS5N5SLYAHKENLAJWYBDKU55ICU3SVZF/', 'name': 'FEDORA-2022-ef4f57b072', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}	() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MS5N5SLYAHKENLAJWYBDKU55ICU3SVZF/ -

Information

Published : 2022-11-23 23:15

Updated : 2024-02-28 19:51

NVD link : CVE-2022-45873

Mitre link : CVE-2022-45873

CVE.ORG link : CVE-2022-45873

JSON object : View

Products Affected

fedoraproject

fedora

systemd_project

systemd

CWE

CWE-400

Uncontrolled Resource Consumption

{"id": "CVE-2022-45873", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2022-11-23T23:15:10.183", "references": [{"url": "https://github.com/systemd/systemd/commit/076b807be472630692c5348c60d0c2b7b28ad437", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/systemd/systemd/pull/24853#issuecomment-1326561497", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/systemd/systemd/pull/25055#issuecomment-1313733553", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MS5N5SLYAHKENLAJWYBDKU55ICU3SVZF/", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file."}, {"lang": "es", "value": "systemd 250 y 251 permiten a los usuarios locales lograr un punto muerto en systemd-coredump al desencadenar un bloqueo que tiene un largo backtrace. Esto ocurre en parse_elf_object enshared/elf-util.c. La metodolog\u00eda de explotaci\u00f3n consiste en bloquear un binario que llama a la misma funci\u00f3n de forma recursiva y colocarlo en un directorio profundamente anidado para que su seguimiento sea lo suficientemente grande como para provocar el punto muerto. Esto se debe hacer 16 veces cuando se establece MaxConnections=16 para el archivo systemd/units/systemd-coredump.socket."}], "lastModified": "2023-11-07T03:54:55.553", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8AE4E7F2-A943-44CA-B44F-BDE0F8D09B53", "versionEndIncluding": "251", "versionStartIncluding": "250"}, {"criteria": "cpe:2.3:a:systemd_project:systemd:252:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55FF285C-8DFC-4A67-A426-1ADE349BEF8E"}, {"criteria": "cpe:2.3:a:systemd_project:systemd:252:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E0E4355-1411-43F3-8DCE-700BE15FC71C"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}