Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 882769 (CVE-2022-45873)

Summary: <sys-apps/systemd-252.0: deadlock in systemd-coredump
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: systemd
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://github.com/systemd/systemd/commit/076b807be472630692c5348c60d0c2b7b28ad437
Whiteboard: A3 [glsa+]
Package list:
Runtime testing required: ---
Bug Depends on: 887749    
Bug Blocks:    

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-11-24 15:28:50 UTC
CVE-2022-45873 (https://github.com/systemd/systemd/pull/25055#issuecomment-1313733553):

systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file.

Seems like this should be backported?
Comment 1 Mike Gilbert gentoo-dev 2022-11-24 15:40:36 UTC
The backport is not trivial; it may be better to wait for a backport upstream, or stabilize systemd-252.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-01-13 20:46:32 UTC
Thanks!
Comment 3 Larry the Git Cow gentoo-dev 2024-05-04 07:19:11 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=086164d117a043966946611e66f4322204a92260

commit 086164d117a043966946611e66f4322204a92260
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-05-04 07:18:38 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-05-04 07:19:05 +0000

    [ GLSA 202405-04 ] systemd: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/882769
    Bug: https://bugs.gentoo.org/887581
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202405-04.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)