// For flags

CVE-2019-6454

systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash

Severity Score

5.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).

Se ha descubierto un problema en sd-bus en systemd 239. bus_process_object() en libsystemd/sd-bus/bus-objects.c asigna un búfer de pila de longitud variable para almacenar temporalmente la ruta de objeto de los mensajes D-Bus entrantes. Un usuario local sin privilegios puede explotar esto enviando un mensaje especialmente manipulado a PID1, provocando que el puntero de la pila salte por las páginas guard de la pila hasta una región de memoria no mapeada y desencadene una denegación de servicio (cierre inesperado del PID1 en systemd y pánico del kernel).

It was discovered that systemd allocates a buffer large enough to store the path field of a dbus message without performing enough checks. A local attacker may trigger this flaw by sending a dbus message to systemd with a large path making systemd crash or possibly elevating his privileges.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-01-16 CVE Reserved
  • 2019-02-18 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-04 CVE Updated
  • 2024-08-04 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-20: Improper Input Validation
  • CWE-787: Out-of-bounds Write
CAPEC
References (20)
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Systemd Project
Search vendor "Systemd Project"
Systemd
Search vendor "Systemd Project" for product "Systemd"
239
Search vendor "Systemd Project" for product "Systemd" and version "239"
-
Affected
Opensuse
Search vendor "Opensuse"
Leap
Search vendor "Opensuse" for product "Leap"
15.0
Search vendor "Opensuse" for product "Leap" and version "15.0"
-
Affected
Netapp
Search vendor "Netapp"
Active Iq Performance Analytics Services
Search vendor "Netapp" for product "Active Iq Performance Analytics Services"
--
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
8.0
Search vendor "Debian" for product "Debian Linux" and version "8.0"
-
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
9.0
Search vendor "Debian" for product "Debian Linux" and version "9.0"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
29
Search vendor "Fedoraproject" for product "Fedora" and version "29"
-
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
16.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04"
lts
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
18.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04"
lts
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
18.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "18.10"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
8.0
Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Compute Node Eus
Search vendor "Redhat" for product "Enterprise Linux Compute Node Eus"
7.5
Search vendor "Redhat" for product "Enterprise Linux Compute Node Eus" and version "7.5"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Desktop
Search vendor "Redhat" for product "Enterprise Linux Desktop"
7.0
Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7.0"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Eus
Search vendor "Redhat" for product "Enterprise Linux Eus"
7.4
Search vendor "Redhat" for product "Enterprise Linux Eus" and version "7.4"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Eus
Search vendor "Redhat" for product "Enterprise Linux Eus"
7.5
Search vendor "Redhat" for product "Enterprise Linux Eus" and version "7.5"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Eus
Search vendor "Redhat" for product "Enterprise Linux Eus"
8.1
Search vendor "Redhat" for product "Enterprise Linux Eus" and version "8.1"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Eus
Search vendor "Redhat" for product "Enterprise Linux Eus"
8.2
Search vendor "Redhat" for product "Enterprise Linux Eus" and version "8.2"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Eus
Search vendor "Redhat" for product "Enterprise Linux Eus"
8.4
Search vendor "Redhat" for product "Enterprise Linux Eus" and version "8.4"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux For Ibm Z Systems Eus
Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems Eus"
7.4
Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems Eus" and version "7.4"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux For Ibm Z Systems Eus
Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems Eus"
7.5
Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems Eus" and version "7.5"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux For Ibm Z Systems Eus
Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems Eus"
8.1
Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems Eus" and version "8.1"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux For Ibm Z Systems Eus
Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems Eus"
8.2
Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems Eus" and version "8.2"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux For Ibm Z Systems Eus
Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems Eus"
8.4
Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems Eus" and version "8.4"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux For Power Big Endian Eus
Search vendor "Redhat" for product "Enterprise Linux For Power Big Endian Eus"
7.4
Search vendor "Redhat" for product "Enterprise Linux For Power Big Endian Eus" and version "7.4"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux For Power Little Endian
Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian"
8.0
Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian" and version "8.0"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux For Power Little Endian Eus
Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian Eus"
7.4
Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian Eus" and version "7.4"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux For Power Little Endian Eus
Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian Eus"
7.5
Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian Eus" and version "7.5"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux For Power Little Endian Eus
Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian Eus"
8.1
Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian Eus" and version "8.1"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux For Power Little Endian Eus
Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian Eus"
8.2
Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian Eus" and version "8.2"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux For Power Little Endian Eus
Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian Eus"
8.4
Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian Eus" and version "8.4"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Server
Search vendor "Redhat" for product "Enterprise Linux Server"
7.0
Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Server Aus
Search vendor "Redhat" for product "Enterprise Linux Server Aus"
7.3
Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.3"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Server Aus
Search vendor "Redhat" for product "Enterprise Linux Server Aus"
7.4
Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.4"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Server Aus
Search vendor "Redhat" for product "Enterprise Linux Server Aus"
7.6
Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.6"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Server Aus
Search vendor "Redhat" for product "Enterprise Linux Server Aus"
8.2
Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "8.2"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Server Aus
Search vendor "Redhat" for product "Enterprise Linux Server Aus"
8.4
Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "8.4"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Server Eus
Search vendor "Redhat" for product "Enterprise Linux Server Eus"
7.6
Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "7.6"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions
Search vendor "Redhat" for product "Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions"
7.3
Search vendor "Redhat" for product "Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions" and version "7.3"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions
Search vendor "Redhat" for product "Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions"
7.4
Search vendor "Redhat" for product "Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions" and version "7.4"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions
Search vendor "Redhat" for product "Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions"
8.0
Search vendor "Redhat" for product "Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions" and version "8.0"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions
Search vendor "Redhat" for product "Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions"
8.1
Search vendor "Redhat" for product "Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions" and version "8.1"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions
Search vendor "Redhat" for product "Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions"
8.2
Search vendor "Redhat" for product "Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions" and version "8.2"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Server Tus
Search vendor "Redhat" for product "Enterprise Linux Server Tus"
7.3
Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.3"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Server Tus
Search vendor "Redhat" for product "Enterprise Linux Server Tus"
7.4
Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.4"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Server Tus
Search vendor "Redhat" for product "Enterprise Linux Server Tus"
7.6
Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.6"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Server Tus
Search vendor "Redhat" for product "Enterprise Linux Server Tus"
8.2
Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "8.2"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Server Tus
Search vendor "Redhat" for product "Enterprise Linux Server Tus"
8.4
Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "8.4"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Server Update Services For Sap Solutions
Search vendor "Redhat" for product "Enterprise Linux Server Update Services For Sap Solutions"
7.3
Search vendor "Redhat" for product "Enterprise Linux Server Update Services For Sap Solutions" and version "7.3"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Server Update Services For Sap Solutions
Search vendor "Redhat" for product "Enterprise Linux Server Update Services For Sap Solutions"
7.4
Search vendor "Redhat" for product "Enterprise Linux Server Update Services For Sap Solutions" and version "7.4"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Server Update Services For Sap Solutions
Search vendor "Redhat" for product "Enterprise Linux Server Update Services For Sap Solutions"
8.0
Search vendor "Redhat" for product "Enterprise Linux Server Update Services For Sap Solutions" and version "8.0"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Server Update Services For Sap Solutions
Search vendor "Redhat" for product "Enterprise Linux Server Update Services For Sap Solutions"
8.1
Search vendor "Redhat" for product "Enterprise Linux Server Update Services For Sap Solutions" and version "8.1"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Server Update Services For Sap Solutions
Search vendor "Redhat" for product "Enterprise Linux Server Update Services For Sap Solutions"
8.2
Search vendor "Redhat" for product "Enterprise Linux Server Update Services For Sap Solutions" and version "8.2"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Workstation
Search vendor "Redhat" for product "Enterprise Linux Workstation"
7.0
Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "7.0"
-
Affected
Mcafee
Search vendor "Mcafee"
Web Gateway
Search vendor "Mcafee" for product "Web Gateway"
< 7.7.2.21
Search vendor "Mcafee" for product "Web Gateway" and version " < 7.7.2.21"
-
Affected
Mcafee
Search vendor "Mcafee"
Web Gateway
Search vendor "Mcafee" for product "Web Gateway"
>= 7.8.0 < 7.8.2.8
Search vendor "Mcafee" for product "Web Gateway" and version " >= 7.8.0 < 7.8.2.8"
-
Affected
Mcafee
Search vendor "Mcafee"
Web Gateway
Search vendor "Mcafee" for product "Web Gateway"
>= 8.0.0 < 8.1.1
Search vendor "Mcafee" for product "Web Gateway" and version " >= 8.0.0 < 8.1.1"
-
Affected