CVE-2018-15686

🗓️ 26 Oct 2018 14:00:00Reported by canonicalType

cve🔗 web.nvd.nist.gov📰️ 6 Media mentions👁 290 Views

A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation

Reporter	Title	Published	Views	Family All 132
0day.today	Linux systemd Line Splitting Exploit	26 Oct 201800:00	–	zdt
0day.today	systemd - reexec State Injection Exploit	29 Oct 201800:00	–	zdt
IBM Security Bulletins	Security Bulletin: IBM MQ Cloud Paks are vulnerable to multiple vulnerabilities in Systemd (CVE-2018-15688 CVE-2018-15687 CVE-2018-15686)	18 Dec 201813:50	–	ibm
Tenable Nessus	Amazon Linux 2 : systemd (ALAS-2021-1643) (deprecated)	24 May 202100:00	–	nessus
Tenable Nessus	Amazon Linux 2 : systemd, --advisory ALAS2-2021-1647 (ALAS-2021-1647)	24 Jun 202100:00	–	nessus
Tenable Nessus	CentOS 7 : systemd (CESA-2019:2091)	30 Aug 201900:00	–	nessus
Tenable Nessus	Debian DLA-1580-1 : systemd security update	20 Nov 201800:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP3 : systemd (EulerOS-SA-2019-1998)	24 Sep 201900:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP5 : systemd (EulerOS-SA-2019-2232)	8 Nov 201900:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP2 : systemd (EulerOS-SA-2019-2364)	10 Dec 201900:00	–	nessus

NVD

Node

canonical ubuntu_linuxMatch16.04esm

canonical ubuntu_linuxMatch18.04lts

canonical ubuntu_linuxMatch18.10

debian debian_linuxMatch8.0

Node

systemd_project systemdRange≤239

Node

oracle communications_cloud_native_core_network_function_cloud_native_environmentMatch1.4.0

[
  {
    "product": "systemd",
    "vendor": "systemd",
    "versions": [
      {
        "lessThanOrEqual": "239",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
oracle	www.oracle.com//security-alerts/cpujul2021.html
github	www.github.com/systemd/systemd/pull/10519
access	www.access.redhat.com/errata/RHSA-2019:3222
security	www.security.gentoo.org/glsa/201810-10
usn	www.usn.ubuntu.com/3816-1/
lists	www.lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E
lists	www.lists.debian.org/debian-lts-announce/2018/11/msg00017.html
exploit-db	www.exploit-db.com/exploits/45714/
access	www.access.redhat.com/errata/RHSA-2019:2091
access	www.access.redhat.com/errata/RHSA-2020:0593

09 Jun 2025 16:15Current

6.4Medium risk

Vulners AI Score6.4

CVSS 27.2

CVSS 3.17.8

CVSS 37

EPSS0.01533

SSVC

CWE-502