myhack58 | Anonymous | MYHACK58:62201992676
Jan 16, 2019 - 12:00 a.m.

Three serious systemd vulnerabilities in Linux may lead to data breaches - Vulnerability Warning - Black Bar Safety Net

2019-01-16 00:00:00
Anonymous
www.myhack58.com

CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 4.6 Medium
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.0004 Low
Percentile: 11.0%
Recently, security researchers disclosed three serious vulnerabilities in systemd on Linux systems: CVE-2018-16864, CVE-2018-16865, and CVE-2018-16866. Attackers exploiting these vulnerabilities may obtain root access on a target machine, and may even cause information disclosure.
Systemd is a core part of Linux systems that manages system processes after the system starts. The vulnerabilities exist in systemd-journald, the service that handles the collection and storage of log data. An attacker who exploits them can obtain root privileges on the target machine, and may even cause information disclosure.
Vulnerability analysis
Qualys found that these vulnerabilities exist in systemd-journald, the service that handles the collection and storage of log data. The vulnerabilities can crash the journald service, and an attacker can take control of the entire system.
CVE-2018-16864 and CVE-2018-16865 are memory corruption vulnerabilities, and CVE-2018-16866 is an out-of-bounds error that may leak data. Malicious software running on a Linux system, or a malicious logged-in user, can exploit CVE-2018-16864. A local user, on the other hand, can exploit CVE-2018-16865 and CVE-2018-16866. None of the three vulnerabilities requires user interaction to exploit.
According to the Qualys researchers, CVE-2018-16864 was first introduced in April 2013 and became exploitable in February 2016. The researchers developed a PoC for the vulnerability on i386 that gains control of eip.
Similarly, CVE-2018-16865 and CVE-2018-16866 were detected in December 2011 and July 2015.
Impact
Almost all systemd-based Linux distributions are affected by these vulnerabilities. However, the researchers say there are exceptions: the vulnerabilities do not affect SUSE Linux Enterprise 15, openSUSE Leap 15.0, Fedora 28, or Fedora 29.
