PublicDateAtUSN: 2019-04-26 21:29:00 UTC
Candidate: CVE-2019-3844
PublicDate: 2019-04-26 21:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3844
 https://ubuntu.com/security/notices/USN-4269-1
Description:
 It was discovered that a systemd service that uses DynamicUser property can
 get new privileges through the execution of SUID binaries, which would
 allow to create binaries owned by the service transient group with the
 setgid bit set. A local attacker may use this flaw to access resources that
 will be owned by a potentially different service in the future, when the
 GID will be recycled.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928102
 https://bugzilla.redhat.com/show_bug.cgi?id=1684610
 https://bugs.chromium.org/p/project-zero/issues/detail?id=1771
 https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1814596
Priority: low
Discovered-by: Jann Horn
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH]
 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH]


Patches_systemd:
 upstream: https://github.com/systemd/systemd/commit/bf65b7e0c9fc215897b676ab9a7c9d1c688143ba
upstream_systemd: needs-triage
precise/esm_systemd: DNE
trusty/esm_systemd: not-affected (code not present)
xenial_systemd: not-affected (code not present)
esm-infra/xenial_systemd: not-affected (code not present)
bionic_systemd: released (237-3ubuntu10.38)
cosmic_systemd: ignored (reached end-of-life)
disco_systemd: ignored (reached end-of-life)
eoan_systemd: not-affected (242-7ubuntu3.2)
devel_systemd: not-affected (244.1-0ubuntu2)