Vulnerability Details: CVE-2022-45873
systemd 250 and 251 allow local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file.
Exploit prediction scoring system (EPSS) score for CVE-2022-45873
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~6%
CVSS scores for CVE-2022-45873
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 | NIST |
CWE ids for CVE-2022-45873
- The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources. Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-45873
- https://github.com/systemd/systemd/pull/24853#issuecomment-1326561497
  resolved: various monitor fixes by poettering · Pull Request #24853 · systemd/systemd · GitHub (Issue Tracking; Patch; Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MS5N5SLYAHKENLAJWYBDKU55ICU3SVZF/
  [SECURITY] Fedora 36 Update: systemd-250.9-1.fc36 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
- https://github.com/systemd/systemd/pull/25055#issuecomment-1313733553
  Fix coredump deadlock with overly long backtraces by keszybz · Pull Request #25055 · systemd/systemd · GitHub (Issue Tracking; Patch; Third Party Advisory)
- https://github.com/systemd/systemd/commit/076b807be472630692c5348c60d0c2b7b28ad437
  coredump: avoid deadlock when passing processed backtrace data · systemd/systemd@076b807 · GitHub (Patch; Third Party Advisory)
Products affected by CVE-2022-45873
- cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
- cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*
- cpe:2.3:a:systemd_project:systemd:252:rc1:*:*:*:*:*:*
- cpe:2.3:a:systemd_project:systemd:252:rc2:*:*:*:*:*:*