CVE-2018-15686
critical
CVSS v3: —
CVSS v2: —
VIR risk: 9.5
Description
A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.
Predictions
Exploit likelihood: 20%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2018-15686
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2018-15686.html
Vendor advisory: arch — https://security.archlinux.org/ASA-201811-11
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| arch | | fixed | 239.300-1 |
| sles | | affected | |
| debian | bookworm | fixed | 239-12 |
| debian | bullseye | fixed | 239-12 |
| debian | forky | fixed | 239-12 |
| debian | sid | fixed | 239-12 |
| debian | trixie | fixed | 239-12 |