CVE-2020-1712

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 31-03-2020 07:15

Last modified: - 30-06-2022 07:15

Total changes: - 5

Description

A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Low

Attack complexity

Local

Attack vector

High

Availability

High

Confidentiality

High

Integrity

Low

Privileges required

Unchanged

Scope

None

User interaction

7.8

Base score

1.8

5.9

Exploitability score

Impact score

Verification logic

Reference

https://github.com/systemd/systemd/commit/ea0d0ede03c6f18dbc5036c5e9cccf97e415ccc2
https://www.openwall.com/lists/oss-security/2020/02/05/1
https://github.com/systemd/systemd/commit/1068447e6954dc6ce52f099ed174c442cb89ed54
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1712
https://github.com/systemd/systemd/commit/637486261528e8aa3da9f26a4487dc254f4b7abb
https://github.com/systemd/systemd/commit/bc130b6858327b382b07b3985cf48e2aa9016b2d
[debian-lts-announce] 20220630 [SECURITY] [DLA 3063-1] systemd security update-

Keywords

CVE-2020-1712

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2020-1712

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures