CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
32.4%
It was discovered that systemd did not properly validate the time and
accuracy values provided to the format_timespan() function. An attacker
could possibly use this issue to cause a buffer overrun, leading to a
denial of service attack. This issue only affected Ubuntu 14.04 ESM, Ubuntu
16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.
(CVE-2022-3821)
It was discovered that systemd did not properly manage the fs.suid_dumpable
kernel configurations. A local attacker could possibly use this issue to
expose sensitive information. This issue only affected Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-4415)
It was discovered that systemd did not properly manage a crash with long
backtrace data. A local attacker could possibly use this issue to cause a
deadlock, leading to a denial of service attack. This issue only affected
Ubuntu 22.10. (CVE-2022-45873)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 22.10 | noarch | systemd | < 251.4-1ubuntu7.1 | UNKNOWN |
Ubuntu | 22.10 | noarch | libnss-myhostname | < 251.4-1ubuntu7.1 | UNKNOWN |
Ubuntu | 22.10 | noarch | libnss-myhostname-dbgsym | < 251.4-1ubuntu7.1 | UNKNOWN |
Ubuntu | 22.10 | noarch | libnss-mymachines | < 251.4-1ubuntu7.1 | UNKNOWN |
Ubuntu | 22.10 | noarch | libnss-mymachines-dbgsym | < 251.4-1ubuntu7.1 | UNKNOWN |
Ubuntu | 22.10 | noarch | libnss-resolve | < 251.4-1ubuntu7.1 | UNKNOWN |
Ubuntu | 22.10 | noarch | libnss-resolve-dbgsym | < 251.4-1ubuntu7.1 | UNKNOWN |
Ubuntu | 22.10 | noarch | libnss-systemd | < 251.4-1ubuntu7.1 | UNKNOWN |
Ubuntu | 22.10 | noarch | libnss-systemd-dbgsym | < 251.4-1ubuntu7.1 | UNKNOWN |
Ubuntu | 22.10 | noarch | libpam-systemd | < 251.4-1ubuntu7.1 | UNKNOWN |