CVE-2018-15686

NameCVE-2018-15686
DescriptionA vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-1580-1, ELA-81-1
Debian Bugs912005

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
systemd (PTS)jessie, jessie (lts)215-17+deb8u15fixed
stretch (security)232-25+deb9u14fixed
stretch (lts), stretch232-25+deb9u17fixed
buster, buster (lts)241-7~deb10u11fixed
buster (security)241-7~deb10u10fixed
bullseye247.3-7+deb11u5fixed
bullseye (security)247.3-7+deb11u6fixed
bookworm252.31-1~deb12u1fixed
sid, trixie257~rc2-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
systemdsourcewheezy44-11+deb7u6ELA-81-1
systemdsourcejessie215-17+deb8u8DLA-1580-1
systemdsourcestretch232-25+deb9u10
systemdsource(unstable)239-12912005

Notes

https://bugs.chromium.org/p/project-zero/issues/detail?id=1687
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1796402
https://github.com/systemd/systemd/pull/10519
https://github.com/systemd/systemd/commit/9f1c81d80a435d15ca1bd536a6d043c18c81c047
[wheezy] - systemd <no-dsa> (Minor isssue)
Search for package or bug name: Reporting problems