Bug 1205713 - (CVE-2022-45873) VUL-0: CVE-2022-45873: systemd: systemd-coredump deadlock via crash with a long backtrace
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
: P3 - Medium : Normal
Assigned To: systemd maintainers
Security Team bot
https://smash.suse.de/issue/348841/
CVSSv3.1:SUSE:CVE-2022-45873:5.5:(AV:...
Reported: 2022-11-24 09:43 UTC by Carlos López
Modified: 2022-11-28 15:56 UTC (History)
Found By: Security Response Team
Description Carlos López 2022-11-24 09:43:56 UTC
CVE-2022-45873

systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by
triggering a crash that has a long backtrace. This occurs in parse_elf_object in
shared/elf-util.c. The exploitation methodology is to crash a binary calling the
same function recursively, and put it in a deeply nested directory to make its
backtrace large enough to cause the deadlock. This must be done 16 times when
MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45873
https://github.com/systemd/systemd/commit/076b807be472630692c5348c60d0c2b7b28ad437
https://github.com/systemd/systemd/pull/25055#issuecomment-1313733553
https://www.cve.org/CVERecord?id=CVE-2022-45873
Comment 1 Carlos López 2022-11-24 09:44:32 UTC
This should only affect openSUSE:Factory/systemd
Comment 2 Franck Bui 2022-11-28 15:43:39 UTC
Given the fact that Factory switched to v252 recently, no supported distros should be affected by this, right?
Comment 3 Carlos López 2022-11-28 15:56:50 UTC
(In reply to Franck Bui from comment #2)
> Given the fact that Factory switched to v252 recently, no supported distros
> should be affected by this, right?

Correct. Closing the bug.
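
The triage behind this thread (is the host on systemd 250 or 251, and what is MaxConnections= on the coredump socket) can be scripted. The following is an added example, not part of the original bug report or of systemd. It assumes the caller supplies the text of `systemctl --version`, the contents of the systemd-coredump.socket unit file, and a list of active unit names. The sample inputs are constructed, and the "saturated" flag is this example's own reading of the "16 times when MaxConnections=16" condition in the description.

```python
import re

AFFECTED_MAJORS = {250, 251}  # versions named in the CVE description above

# Constructed sample inputs (not captured from a real host).
SAMPLE_VERSION = "systemd 251 (251.4-1)\n+PAM +AUDIT +SELINUX"
SAMPLE_UNIT = "[Unit]\nDescription=sample\n\n[Socket]\nAccept=yes\n# limit\nMaxConnections=16\n"
SAMPLE_ACTIVE = [f"systemd-coredump@{i}-100{i}-0.service" for i in range(16)] + ["sshd.service"]

def systemd_major(version_output):
    """Extract the major version from the first line of `systemctl --version`."""
    m = re.match(r"systemd\s+(\d+)", version_output.strip())
    if not m:
        raise ValueError("unrecognised `systemctl --version` output")
    return int(m.group(1))

def max_connections(unit_text):
    """Return MaxConnections= from the [Socket] section of a unit file, or None."""
    section, value = None, None
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # skip blanks and comments
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Socket" and "=" in line:
            key, _, val = line.partition("=")
            if key.strip() == "MaxConnections" and val.strip().isdigit():
                value = int(val.strip())  # the last assignment wins
    return value

def assess(version_output, unit_text, active_units):
    """Report whether the version is affected and whether all handler slots are busy."""
    major = systemd_major(version_output)
    limit = max_connections(unit_text)
    # Count per-connection handler instances (instance names here are constructed).
    busy = sum(1 for u in active_units if u.startswith("systemd-coredump@"))
    return {
        "major": major,
        "affected": major in AFFECTED_MAJORS,
        "max_connections": limit,
        "busy_handlers": busy,
        "saturated": limit is not None and busy >= limit,
    }
```

A host reporting `affected` together with `saturated` is worth a closer look at its coredump handlers; per comment #2, hosts already on v252 are not expected to be affected.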