An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-03-17T16:38:57
Updated: 2024-08-04T20:23:21.049Z
Reserved: 2019-01-16T00:00:00
Link: CVE-2019-6454
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-03-21T16:01:08.203
Modified: 2024-11-21T04:46:28.867
Link: CVE-2019-6454
Redhat