Denial of Service in Systemd Caused by Crafted D-Bus Messages
CVE-2019-6454

5.5MEDIUM

Key Information:

Vendor

Systemd Project

Status
Systemd
Vendor
CVE Published:
17 March 2019

What is CVE-2019-6454?

A vulnerability in the sd-bus component of systemd allows an unprivileged local user to exploit a flaw in the bus_process_object function. By sending specially crafted D-Bus messages to PID1, the attacker can provoke a stack pointer jump that bypasses stack guard pages, leading to a system crash and kernel panic. This presents a serious risk to system stability and can be leveraged in various attack scenarios.

References

https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA
http://www.openwall.com/lists/oss-security/2019/02/18/3
mailing-listx_refsource_MLIST
http://www.securityfocus.com/bid/107081
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.