The vulnerability of the initialization and service management subsystem in Linux’s systemd lies in the fact that resources are not released after their useful period has ended. This allows a malicious actor to trigger a service failure.

🗓️ 18 Dec 2020 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 3 Views

Systemd vulnerability where resources are not released after use, enabling an attacker to trigger service failures.

Reporter	Title	Published	Views	Family All 90
IBM Security Bulletins	Security Bulletin: IBM MQ Appliance is affected by a systemd vulnerability (CVE-2019-20386)	3 Mar 202115:55	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities	2 Feb 202122:11	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities	27 Jan 202100:04	–	ibm
Tenable Nessus	Amazon Linux 2 : systemd (ALAS-2021-1643) (deprecated)	24 May 202100:00	–	nessus
Tenable Nessus	Amazon Linux 2 : systemd, --advisory ALAS2-2021-1647 (ALAS-2021-1647)	24 Jun 202100:00	–	nessus
Tenable Nessus	CentOS 8 : systemd (CESA-2020:4553)	1 Feb 202100:00	–	nessus
Tenable Nessus	CentOS 7 : systemd (RHSA-2020:4007)	20 Oct 202000:00	–	nessus
Tenable Nessus	Fedora 30 : systemd (2020-f8e267d6d0)	24 Feb 202000:00	–	nessus
Tenable Nessus	MiracleLinux 7 : systemd-219-78.el7 (AXSA:2020-572:10)	20 Jan 202600:00	–	nessus
Tenable Nessus	MiracleLinux 8 : systemd-239-40.el8 (AXSA:2021-1218:01)	20 Jan 202600:00	–	nessus

Vulners

Node

red_hat red_hat_enterprise_linuxMatch7

OR

canonical ubuntuMatch18.04

OR

red_hat red_hat_enterprise_linuxMatch8

OR

novell opensuse_leapMatch15.1

OR

fedora fedoraMatch30

OR

canonical ubuntuMatch19.10

Source	Link
access	www.access.redhat.com/security/cve/cve-2019-20386
github	www.github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/HZPCOMW5X6IZZXASCDD2CNW2DLF3YADC/
ubuntu	www.ubuntu.com/security/CVE-2019-20386
suse	www.suse.com/security/cve/CVE-2019-20386/
xn--80ahaefyxhn	www.xn--80ahaefyxhn.xn--j1afgaq.xn--p1ai/bin/view/%D0%9E%D0%A1%D0%BD%D0%BE%D0%B2%D0%B0/%D0%9E%D0%B1%D0%BD%D0%BE%D0%B2%D0%BB%D0%B5%D0%BD%D0%B8%D1%8F/2.4.2/
wiki	www.wiki.astralinux.ru/astra-linux-se17-bulletin-2022-1110SE17
strelets	www.strelets.net/patchi-i-obnovleniya-bezopasnosti
web	www.web.nvd.nist.gov/view/vuln/detail

21 Nov 2023 00:00Current

6.5Medium risk

Vulners AI Score6.5

CVSS 22.1

CVSS 32.4

EPSS0.00429

systemd vulnerability resource leak service failures initialization subsystem