CVE-2020-1712
systemd: use-after-free when asynchronous polkit queries are performed
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.
Se detectó una vulnerabilidad uso de la memoria previamente liberada de la pila en systemd versiones anteriores a v245-rc1, donde se llevaron a cabo consultas de Polkit asincrónicas mientras se manejan mensajes dbus. Un atacante no privilegiado local puede abusar de este fallo para bloquear los servicios de systemd o potencialmente ejecutar código y elevar sus privilegios, mediante el envío de mensajes dbus especialmente diseñados.
A heap use-after-free vulnerability was found in systemd, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-11-27 CVE Reserved
- 2020-02-05 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-416: Use After Free
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2022/06/msg00025.html | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2020-1712 | 2020-02-24 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1794578 | 2020-02-24 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Systemd Project Search vendor "Systemd Project" | Systemd Search vendor "Systemd Project" for product "Systemd" | <= 244 Search vendor "Systemd Project" for product "Systemd" and version " <= 244" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Ceph Storage Search vendor "Redhat" for product "Ceph Storage" | 4.0 Search vendor "Redhat" for product "Ceph Storage" and version "4.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Discovery Search vendor "Redhat" for product "Discovery" | - | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Migration Toolkit Search vendor "Redhat" for product "Migration Toolkit" | 1.0 Search vendor "Redhat" for product "Migration Toolkit" and version "1.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Openshift Container Platform Search vendor "Redhat" for product "Openshift Container Platform" | 4.0 Search vendor "Redhat" for product "Openshift Container Platform" and version "4.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||