Vulnerability Details: CVE-2020-1712
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.
Vulnerability category: Memory Corruption, Execute code
Products affected by CVE-2020-1712
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:ceph_storage:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:discovery:-:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:migration_toolkit:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*
Threat overview for CVE-2020-1712
- Top open port discovered on systems with this issue: 53
- IPs affected by CVE-2020-1712: 56,769
- Threat actors abusing this issue: Yes
Exploit prediction scoring system (EPSS) score for CVE-2020-1712
- EPSS score: 0.09% (probability of exploitation activity in the next 30 days)
- Percentile: ~24% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2020-1712
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P | 3.9 | 6.4 | NIST | |
7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | Red Hat, Inc. | |
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
CWE ids for CVE-2020-1712
- The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Assigned by:
- nvd@nist.gov (Primary)
- secalert@redhat.com (Secondary)
References for CVE-2020-1712
- https://www.openwall.com/lists/oss-security/2020/02/05/1
  oss-security - CVE-2020-1712 systemd: use-after-free when asynchronous polkit queries are performed (Mailing List; Patch; Third Party Advisory)
- https://github.com/systemd/systemd/commit/bc130b6858327b382b07b3985cf48e2aa9016b2d
  Fix typo in function name · systemd/systemd@bc130b6 · GitHub (Patch; Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1712
  1794578 – (CVE-2020-1712) CVE-2020-1712 systemd: use-after-free when asynchronous polkit queries are performed (Issue Tracking; Patch; Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2022/06/msg00025.html
  [SECURITY] [DLA 3063-1] systemd security update (Mailing List; Third Party Advisory)
- https://github.com/systemd/systemd/commit/1068447e6954dc6ce52f099ed174c442cb89ed54
  sd-bus: introduce API for re-enqueuing incoming messages · systemd/systemd@1068447 · GitHub (Patch; Third Party Advisory)
- https://github.com/systemd/systemd/commit/ea0d0ede03c6f18dbc5036c5e9cccf97e415ccc2
  Merge branch 'polkit-ref-count' · systemd/systemd@ea0d0ed · GitHub (Patch; Third Party Advisory)
- https://github.com/systemd/systemd/commit/637486261528e8aa3da9f26a4487dc254f4b7abb
  polkit: when authorizing via PK let's re-resolve callback/userdata in… · systemd/systemd@6374862 · GitHub (Patch; Third Party Advisory)