CVE-2022-45873

EPSS 0.03%
Published 23.11.2022 23:15:10
Last modified 25.04.2025 19:15:48
Source cve@mitre.org
Teams watchlist Login
Open Login

systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file.

Affected products Warnungen 0 Metrics 3 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Systemd Project ≫ Systemd Version >= 250 <= 251

Systemd Project ≫ Systemd Version252 Updaterc1

Systemd Project ≫ Systemd Version252 Updaterc2

Fedoraproject ≫ Fedora Version36

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.078

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

https://github.com/systemd/systemd/commit/076b807be472630692c5348c60d0c2b7b28ad437

Patch

Third Party Advisory

https://github.com/systemd/systemd/pull/24853#issuecomment-1326561497

Patch

Third Party Advisory

Issue Tracking

https://github.com/systemd/systemd/pull/25055#issuecomment-1313733553

Patch

Third Party Advisory

Issue Tracking

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MS5N5SLYAHKENLAJWYBDKU55ICU3SVZF/

https://nvd.nist.gov/vuln/detail/CVE-2022-45873

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-45873

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-45873

EUVD