CVE-2018-15686

Summary

A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.

Affected Software

VendorProductVersion RangeStatus
systemdsystemdunspecified <= 239affected

Weaknesses

  • fgets() can be confused by overly-long input strings. The first read will return a partial string and subsequent reads will begin as if it were a new line.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References