CVE-2022-45873

Name	CVE-2022-45873
Description	systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
systemd (PTS)	jessie, jessie (lts)	215-17+deb8u15	fixed
	stretch (security)	232-25+deb9u14	fixed
	stretch (lts), stretch	232-25+deb9u16	fixed
	buster	241-7~deb10u8	fixed
	buster (security)	241-7~deb10u10	fixed
	bullseye	247.3-7+deb11u4	fixed
	bookworm	252.22-1~deb12u1	fixed
	sid, trixie	255.4-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version
systemd	source	jessie	(not affected)
systemd	source	stretch	(not affected)
systemd	source	buster	(not affected)
systemd	source	bullseye	(not affected)
systemd	source	(unstable)	252-1

Notes

[bullseye] - systemd <not-affected> (Vulnerable code introduced later)
[buster] - systemd <not-affected> (Vulnerable code introduced later)
https://github.com/systemd/systemd/pull/25055#issuecomment-1313733553
Fixed by: https://github.com/systemd/systemd/commit/076b807be472630692c5348c60d0c2b7b28ad437 (v252-rc3)
Introduced by: https://github.com/systemd/systemd/commit/61aea456c12c54f49c4a76259af130e576130ce9 (v250-rc1)
[stretch] - systemd <not-affected> (Vulnerable code introduced later)
[jessie] - systemd <not-affected> (Vulnerable code introduced later)