An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-03-17T16:38:57

Updated: 2024-08-04T20:23:21.049Z

Reserved: 2019-01-16T00:00:00

Link: CVE-2019-6454

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-03-21T16:01:08.203

Modified: 2024-11-21T04:46:28.867

Link: CVE-2019-6454

cve-icon Redhat

Severity : Important

Publid Date: 2019-02-18T00:00:00Z

Links: CVE-2019-6454 - Bugzilla