CVE-2022-45873

Name	CVE-2022-45873
Description	systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
systemd (PTS)	buster, buster (security)	241-7~deb10u8	fixed
	bullseye	247.3-7+deb11u1	fixed
	bookworm, sid	252.6-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version
systemd	source	buster	(not affected)
systemd	source	bullseye	(not affected)
systemd	source	(unstable)	252-1

Notes

[bullseye] - systemd <not-affected> (Vulnerable code introduced later)
[buster] - systemd <not-affected> (Vulnerable code introduced later)
https://github.com/systemd/systemd/pull/25055#issuecomment-1313733553
Fixed by: https://github.com/systemd/systemd/commit/076b807be472630692c5348c60d0c2b7b28ad437 (v252-rc3)
Introduced by: https://github.com/systemd/systemd/commit/61aea456c12c54f49c4a76259af130e576130ce9 (v250-rc1)