Local Information Leak in Systemd Affects Linux Systems
CVE-2022-4415

5.5MEDIUM

Key Information:

Vendor: Systemd Project
Status: Systemd
Vendor: CVE Published:; 11 January 2023

🔔 Create Systemd Project Vulnerability Alert

What is CVE-2022-4415?

A local information leak vulnerability has been identified in systemd that arises from the systemd-coredump component failing to adhere to the fs.suid_dumpable kernel setting. This flaw could potentially allow unauthorized access to sensitive data, posing a risk to system integrity and privacy. Users and administrators should take immediate steps to review their system configurations and apply necessary updates to mitigate this exposure.

Affected Version(s)

systemd systemd >= 247

References

https://www.openwall.com/lists/oss-security/2022/12/21/3

https://github.com/systemd/systemd/commit/b7641425659243c...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 11, 2023
Vulnerability Reserved
Dec 12, 2022

CVE-2022-4415 Data

JSON