Main Vulnerability Database Vulnerabilities #VU70461

Improper Privilege Management in systemd - CVE-2022-4415

Published: December 21, 2022 / Updated: May 17, 2023

Vulnerability identifier: #VU70461

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-4415

CWE-ID: CWE-269

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Freedesktop.org

Affected software:
systemd

Detailed vulnerability description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to improper privilege management when handling coredumps in coredump/coredump.c. A local user can gain access to sensitive information.

The vulnerability affects systems with libacl support.

How to mitigate CVE-2022-4415

Install updates from vendor's website.

Sources

https://github.com/systemd/systemd/commit/b7641425659243c09473cd8fb3aef2c0d4a3eb9c

Improper Privilege Management in systemd - CVE-2022-4415

Detailed vulnerability description

How to mitigate CVE-2022-4415

Sources

Please verify you're human