CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2026-40226
https://notcve.org/view.php?id=CVE-2026-40226
10 Apr 2026 — In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file. • https://github.com/systemd/systemd/security/advisories/GHSA-9mj4-rrc3-gjcx • CWE-348: Use of Less Trusted Source •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2026-40225
https://notcve.org/view.php?id=CVE-2026-40225
10 Apr 2026 — In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output. • https://github.com/systemd/systemd/security/advisories/GHSA-vpfq-8p5f-jcqx • CWE-669: Incorrect Resource Transfer Between Spheres •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2026-29111 – systemd: Local unprivileged user can trigger an assert
https://notcve.org/view.php?id=CVE-2026-29111
23 Mar 2026 — systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this is not possible as the safety check causes an assert instead. This IPC call was added in v239, so versions older than that are not affected. Versions 260-rc1, 259.2, 258.5, and 257.11 contain patches. • https://github.com/systemd/systemd/commit/1d22f706bd04f45f8422e17fbde3f56ece17758a • CWE-269: Improper Privilege Management •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2023-7008 – Systemd-resolved: unsigned name response in signed zone is not refused when dnssec=yes
https://notcve.org/view.php?id=CVE-2023-7008
23 Dec 2023 — A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records. Se encontró una vulnerabilidad en systemd-resolved. Este problema puede permitir que systemd-resolved acepte registros de dominios firmados por DNSSEC incluso cuando no tienen firma, lo que permite que los intermediarios (o el solucionador de DNS ascendente) manipulen... • https://access.redhat.com/errata/RHSA-2024:2463 • CWE-300: Channel Accessible by Non-Endpoint •
CVSS: 7.8EPSS: 5%CPEs: 1EXPL: 3CVE-2023-26604 – systemd: privilege escalation via the less pager
https://notcve.org/view.php?id=CVE-2023-26604
03 Mar 2023 — systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output. A vulnerability was found i... • https://packetstorm.news/files/id/174130 • CWE-269: Improper Privilege Management •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4415 – systemd: local information leak due to systemd-coredump not respecting fs.suid_dumpable kernel setting
https://notcve.org/view.php?id=CVE-2022-4415
28 Dec 2022 — A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting. Multicluster Engine for Kubernetes 2.1.6 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform cluste... • https://github.com/systemd/systemd/commit/b7641425659243c09473cd8fb3aef2c0d4a3eb9c • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2022-3821 – systemd: buffer overrun in format_timespan() function
https://notcve.org/view.php?id=CVE-2022-3821
08 Nov 2022 — An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service. Se descubrió un problema de error de uno en uno en Systemd en la función format_timespan() de time-util.c. Un atacante podría proporcionar valores específicos de tiempo y precisión que provoquen una saturación del búfer en format_timespan(), lo que provocará una Deneg... • https://bugzilla.redhat.com/show_bug.cgi?id=2139327 • CWE-193: Off-by-one Error •
CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 0CVE-2022-2526 – systemd-resolved: use-after-free when dealing with DnsStream in resolved-dns-stream.c
https://notcve.org/view.php?id=CVE-2022-2526
25 Aug 2022 — A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later. Se ha encontrado una vulnerabilidad de uso de memoria previamente liberada en systemd. Este problema ocurre debido a que las ... • https://github.com/systemd/systemd/commit/d973d94dec349fb676fdd844f6fe2ada3538f27c • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2021-3997 – Gentoo Linux Security Advisory 202305-15
https://notcve.org/view.php?id=CVE-2021-3997
13 Jan 2022 — A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp. Se ha encontrado un fallo en systemd. Una recursión no controlada en systemd-tmpfiles puede conllevar a una denegación de servicio en el momento del arranque cuando son creados demasiados directorios anidados en /tmp. An update that solves four vulnerabilities and has two fixes is now available. • https://access.redhat.com/security/cve/CVE-2021-3997 • CWE-674: Uncontrolled Recursion •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 3CVE-2021-33910 – systemd: uncontrolled allocation on the stack in function unit_name_path_escape leads to crash
https://notcve.org/view.php?id=CVE-2021-33910
20 Jul 2021 — basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash. basic/unit-name.c en systemd anterior a las versiones 246.15, 247.8, 248.5 y 249.1 tiene una asignación de memoria con un valor de tamaño excesivo (que involucra a strdupa y alloca para un nombre de ruta controlado por un atacante local) que resulta en una caída del si... • https://packetstorm.news/files/id/163621 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •