CVE-2018-15686

systemd: reexec state injection: fgets() on overlong lines leads to line splitting

Published: 10/26/2018 Last updated: 6/9/2025 Reserved: 8/22/2018

A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.

CNA assigner: canonical (cc1ad9ee-3454-478d-9317-d3e869d708bc) Requested by: n/a

Metrics

| Version | Score | Severity | Vector String |
|---|---|---|---|
| 3.0 | 7 | High | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |

Opam packages affected (2)

conf-libudev, ocaml-systemd

Products affected (1)

| Product | Vendor | Version |
|---|---|---|
| systemd | systemd | Snapdragon 820 Automotive Platform |

References (22)

Credits (1)