CWE
400
Advisory Published
Updated

CVE-2022-45873

First published: Wed Nov 23 2022(Updated: )

systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file.

Credit: cve@mitre.org cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Systemd Project Systemd>=250<=251
Systemd Project Systemd=252-rc1
Systemd Project Systemd=252-rc2
Fedoraproject Fedora=36
redhat/systemd<252
252
>=250<=251
=252-rc1
=252-rc2
=36

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is CVE-2022-45873?

    CVE-2022-45873 is a vulnerability in systemd which allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace, and it occurs in parse_elf_object in shared/elf-util.c.

  • How severe is CVE-2022-45873?

    CVE-2022-45873 has a severity rating of 5.5 (Medium).

  • How does CVE-2022-45873 affect the affected software?

    CVE-2022-45873 affects systemd versions 250 and 251, as well as version 252-rc1 and version 252-rc2. It also affects Fedora 36.

  • What is the exploitation methodology for CVE-2022-45873?

    The exploitation methodology for CVE-2022-45873 is to crash a binary calling the same function recursively and put it in a deeply nested state.

  • Are there any references available for CVE-2022-45873?

    Yes, you can find references for CVE-2022-45873 by visiting the following links: [GitHub commit](https://github.com/systemd/systemd/commit/076b807be472630692c5348c60d0c2b7b28ad437), [GitHub pull request](https://github.com/systemd/systemd/pull/24853#issuecomment-1326561497), [GitHub pull request](https://github.com/systemd/systemd/pull/25055#issuecomment-1313733553).

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203