#VU59358 Uncontrolled recursion in systemd
Vulnerability identifier: #VU59358
Vulnerability risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-674
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
systemd
Server applications /
Other server solutions
Vendor: Freedesktop.org
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to uncontrolled recursion in systemd-tmpfiles. A local user can create multiple nested directories in the /tmp folder and case systemd to crash during the system boot.
Mitigation
Install update from vendor's website.
Vulnerable software versions
systemd: 241 - 250.1
External links
http://seclists.org/oss-sec/2022/q1/18
http://github.com/systemd/systemd/commit/55a89ea1b4088a6d84ba0bd3cd8e648bd51f1ebf
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
