CVE-2020-1712

Name: CVE-2020-1712
Description: A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: medium
Debian Bugs: 950732

Vulnerable and fixed packages

The table below lists information on source packages.

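| Source Package | Release | Version | Status |
|---|---|---|---|
| systemd (PTS) | stretch | 232-25+deb9u12 | vulnerable |
| systemd | stretch (security) | 232-25+deb9u11 | vulnerable |
| systemd | buster | 241-7~deb10u4 | fixed |
| systemd | bullseye, sid | 246.6-2 | fixed |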

The information below is based on the following data on fixed versions.

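| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| systemd | source | jessie | (not affected) | | | |
| systemd | source | buster | 241-7~deb10u4 | | | |
| systemd | source | (unstable) | 244.2-1 | | | 950732 |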

Notes

[stretch] - systemd <no-dsa> (Can be fixed via point release)
[jessie] - systemd <not-affected> (Vulnerable code introduced later)
https://github.com/systemd/systemd/commit/773b1a7916bfce3aa2a21ecf534d475032e8528e (preparation)
https://github.com/systemd/systemd/commit/95f82ae9d774f3508ce89dcbdd0714ef7385df59 (preparation)
https://github.com/systemd/systemd/commit/7f56982289275ce84e20f0554475864953e6aaab (preparation)
https://github.com/systemd/systemd/commit/f4425c72c7395ec93ae00052916a66e2f60f200b (preparation)
https://github.com/systemd/systemd/commit/1068447e6954dc6ce52f099ed174c442cb89ed54 (introduce new API)
https://github.com/systemd/systemd/commit/637486261528e8aa3da9f26a4487dc254f4b7abb (use new function to fix CVE-2020-1712)
https://github.com/systemd/systemd/commit/5c1163273569809742c164260cfd9f096520cb82 (documentation)
https://github.com/systemd/systemd/commit/bc130b6858327b382b07b3985cf48e2aa9016b2d (documentation)
https://bugzilla.redhat.com/show_bug.cgi?id=1794578
https://bugs.chromium.org/p/project-zero/issues/detail?id=1971
