Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 882769 (CVE-2022-45873)

Summary: <sys-apps/systemd-252.0: deadlock in systemd-coredump
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: IN_PROGRESS ---    
Severity: normal CC: systemd
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://github.com/systemd/systemd/commit/076b807be472630692c5348c60d0c2b7b28ad437
Whiteboard: A3 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on: 887749    
Bug Blocks:    

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-11-24 15:28:50 UTC 
CVE-2022-45873 (https://github.com/systemd/systemd/pull/25055#issuecomment-1313733553):

systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file.

Seems like this should be backported?
Comment 1 Mike Gilbert gentoo-dev 2022-11-24 15:40:36 UTC 
The backport is not trivial; it may be better to wait for a backport upstream, or stabilize systemd-252.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-01-13 20:46:32 UTC 
Thanks!