systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on.
History

Mon, 09 Jun 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-02-13T20:00:00.000Z

Updated: 2025-06-09T15:54:51.003Z

Reserved: 2018-02-13T00:00:00.000Z

Link: CVE-2018-6954

cve-icon Vulnrichment

Updated: 2024-08-05T06:17:17.343Z

cve-icon NVD

Status : Modified

Published: 2018-02-13T20:29:00.547

Modified: 2025-06-09T16:15:29.307

Link: CVE-2018-6954

cve-icon Redhat

Severity : Moderate

Publid Date: 2018-01-25T00:00:00Z

Links: CVE-2018-6954 - Bugzilla