Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2019-6454

An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).

See the

CVE page on Mitre.org for more details.

References

BID: 107081
CONFIRM: https://kc.mcafee.com/...
CONFIRM: https://security.netap...
DEBIAN: DSA-4393-1
FEDORA: FEDORA-2019-8434288a24
MISC: https://github.com/sys...
MLIST: [SECURITY] [DLA 1684-1...
MLIST: [oss-security] 2019021...
MLIST: [oss-security] 2019021...
REDHAT: RHSA-2019:0368
REDHAT: RHSA-2019:0990
REDHAT: RHSA-2019:1322
REDHAT: RHSA-2019:1502
SUSE: SUSE-SA:2019:0255-1
SUSE: openSUSE-SU-2019:1450
UBUNTU: USN-3891-1
REDHAT: RHSA-2019:2805
MLIST: [oss-security] 2021072...

Launchpad.net

CVE 2019-6454

Related bugs

References