55 matches found
CVE-2026-40228
In systemd 259, the vulnerability affects the systemd-journald component. When a user executes a command like logger -p emerg and ForwardToWall=yes is set, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users. This is triggered by the ForwardToWall setting and does ...
CVE-2026-40225
The CVE-2026-40225 entry concerns udev in systemd prior to 260, where local root access can result from malicious hardware devices and unsanitized kernel output. The vulnerability affects the systemd/udev component and is described with a CVSSv3.1 base score of 6.4 (MEDIUM), with attack vector Ph...
CVE-2026-40224
CVE-2026-40224 concerns a local privilege escalation in systemd-machined: in systemd 259 before 260, varlink can be used to reach the root namespace, enabling elevation of privileges. The vulnerability affects the systemd component and is tied to root namespace handling via varlink. The provided ...
CVE-2026-40227
CVE-2026-40227 affects systemd 260 prior to 261. A local unprivileged user can trigger an assertion via an IPC API call when passing an array or map that contains a null element. The vulnerability leads to a crash (assertion failure) rather than a remote compromise, with impact on availability as...
CVE-2026-40223
Affected software: systemd, versions 258 prior to 260. Vulnerability: local unprivileged user can trigger an assertion if a Delegate=yes and User= unit exists and is running. Root cause: assertion path in systemd when the unit condition is met. Impact: results in an assertion (denial of service v...