5 matches found
CVE-2026-29111
CVE-2026-29111: systemd local unprivileged user can trigger an assert via an unprivileged IPC API call with spurious data. The issue affects versions from v239 onward; older than v239 are not affected, while v249 and older exhibited stack overwriting, attacker-controlled content. Patches exist in...
CVE-2026-40226
The CVE affects systemd-nspawn: versions 233–259 (before 260) are vulnerable. A crafted optional config file can trigger an escape-to-host action. Root cause is not detailed beyond this vector in the provided docs. Remediation implied by the reference is upgrading to systemd 260 or later to mitig...
CVE-2026-40228
In systemd 259, the vulnerability affects the systemd-journald component. When a user executes a command like logger -p emerg and ForwardToWall=yes is set, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users. This is triggered by the ForwardToWall setting and does ...
CVE-2026-40225
The CVE-2026-40225 entry concerns udev in systemd prior to 260, where local root access can result from malicious hardware devices and unsanitized kernel output. The vulnerability affects the systemd/udev component and is described with a CVSSv3.1 base score of 6.4 (MEDIUM), with attack vector Ph...
CVE-2026-40224
CVE-2026-40224 concerns a local privilege escalation in systemd-machined: in systemd 259 before 260, varlink can be used to reach the root namespace, enabling elevation of privileges. The vulnerability affects the systemd component and is tied to root namespace handling via varlink. The provided ...