CVE-2022-4415

Name: CVE-2022-4415
Description: A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 1026831

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| systemd (PTS) | jessie, jessie (lts) | 215-17+deb8u15 | vulnerable |
| | stretch (security) | 232-25+deb9u14 | vulnerable |
| | stretch (lts), stretch | 232-25+deb9u17 | vulnerable |
| | buster, buster (lts) | 241-7~deb10u11 | vulnerable |
| | buster (security) | 241-7~deb10u10 | vulnerable |
| | bullseye | 247.3-7+deb11u5 | fixed |
| | bullseye (security) | 247.3-7+deb11u6 | fixed |
| | bookworm | 252.31-1~deb12u1 | fixed |
| | trixie | 257-2 | fixed |
| | sid | 257.1-4 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| systemd | source | bullseye | 247.3-7+deb11u2 | | | |
| systemd | source | (unstable) | 252.4-1 | | | 1026831 |

Notes

[buster] - systemd <ignored> (Optional feature; disabled by default)
Preparation (main branch commit only): https://github.com/systemd/systemd/commit/510a146634f3e095b34e2a26023b1b1f99dcb8c0
Fixed by: https://github.com/systemd/systemd/commit/3e4d0f6cf99f8677edd6a237382a65bfe758de03
Fixed by: https://github.com/systemd/systemd-stable/commit/bb47600aeb38c68c857fbf0ee5f66c3144dd81ce (v247.13)
Affects only v246 and newer (when acl support was enabled by default), and only if building with libacl support
Optional (disabled by default) faulty behaviour introduced by v215
https://www.openwall.com/lists/oss-security/2022/12/21/3
[stretch] - systemd <ignored> (Optional feature; disabled by default)
[jessie] - systemd <ignored> (Optional feature; disabled by default)
