FKIE_CVE-2026-29111

Vulnerability from fkie_nvd - Published: 2026-03-23 22:16 - Updated: 2026-03-24 15:53
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this is not possible as the safety check causes an assert instead. This IPC call was added in v239, so versions older than that are not affected. Versions 260-rc1, 259.2, 258.5, and 257.11 contain patches. No known workarounds are available.
References
security-advisories@github.comhttps://github.com/systemd/systemd/commit/1d22f706bd04f45f8422e17fbde3f56ece17758a
security-advisories@github.comhttps://github.com/systemd/systemd/commit/20021e7686426052e3a7505425d7e12085feb2a6
security-advisories@github.comhttps://github.com/systemd/systemd/commit/21167006574d6b83813c7596759b474f56562412
security-advisories@github.comhttps://github.com/systemd/systemd/commit/3cee294fe8cf4fa0eff933ab21416d099942cabd
security-advisories@github.comhttps://github.com/systemd/systemd/commit/42aee39107fbdd7db1ccd402a2151822b2805e9f
security-advisories@github.comhttps://github.com/systemd/systemd/commit/54588d2dedff54bfb6036670820650e4ea74628f
security-advisories@github.comhttps://github.com/systemd/systemd/commit/7ac3220213690e8a8d6d2a6e81e43bd1dce01d69
security-advisories@github.comhttps://github.com/systemd/systemd/commit/80acea4ef80a4bb78560ed970c34952299b890d6
security-advisories@github.comhttps://github.com/systemd/systemd/commit/b5fd14693057e5f2c9b4a49603be64ec3608ff6c
security-advisories@github.comhttps://github.com/systemd/systemd/commit/efa6ba2ab625aaa160ac435a09e6482fc63bdbe8
security-advisories@github.comhttps://github.com/systemd/systemd/security/advisories/GHSA-gx6q-6f99-m764
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this is not possible as the safety check causes an assert instead. This IPC call was added in v239, so versions older than that are not affected. Versions 260-rc1, 259.2, 258.5, and 257.11 contain patches. No known workarounds are available."
    },
    {
      "lang": "es",
      "value": "systemd, un gestor de sistemas y servicios, (como PID 1) activa una aserci\u00f3n y congela la ejecuci\u00f3n cuando se realiza una llamada a la API IPC no privilegiada con datos espurios. En la versi\u00f3n v249 y anteriores, el efecto no es una aserci\u00f3n, sino una sobrescritura de pila, con contenido controlado por el atacante. A partir de la versi\u00f3n v250 y posteriores, esto no es posible ya que la comprobaci\u00f3n de seguridad provoca una aserci\u00f3n en su lugar. Esta llamada IPC se a\u00f1adi\u00f3 en v239, por lo que las versiones anteriores a esa no est\u00e1n afectadas. Las versiones 260-rc1, 259.2, 258.5 y 257.11 contienen parches. No se conocen soluciones alternativas disponibles."
    }
  ],
  "id": "CVE-2026-29111",
  "lastModified": "2026-03-24T15:53:48.067",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-03-23T22:16:26.267",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/systemd/systemd/commit/1d22f706bd04f45f8422e17fbde3f56ece17758a"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/systemd/systemd/commit/20021e7686426052e3a7505425d7e12085feb2a6"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/systemd/systemd/commit/21167006574d6b83813c7596759b474f56562412"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/systemd/systemd/commit/3cee294fe8cf4fa0eff933ab21416d099942cabd"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/systemd/systemd/commit/42aee39107fbdd7db1ccd402a2151822b2805e9f"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/systemd/systemd/commit/54588d2dedff54bfb6036670820650e4ea74628f"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/systemd/systemd/commit/7ac3220213690e8a8d6d2a6e81e43bd1dce01d69"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/systemd/systemd/commit/80acea4ef80a4bb78560ed970c34952299b890d6"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/systemd/systemd/commit/b5fd14693057e5f2c9b4a49603be64ec3608ff6c"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/systemd/systemd/commit/efa6ba2ab625aaa160ac435a09e6482fc63bdbe8"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/systemd/systemd/security/advisories/GHSA-gx6q-6f99-m764"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.