Vulnerability CVE-2022-4415: Information

Description

A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2022-4415

Published: Jan. 11, 2023

Modified: Feb. 2, 2023

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
systemd	sisyphus	251.10-alt1	255.6-alt2	ALT-PU-2022-3406-1	312238	Fixed
systemd	sisyphus_e2k	249.16-alt2.E2K.2	254.10-alt2.E2K.1	ALT-PU-2023-7579-1	-	Fixed
systemd	sisyphus_riscv64	251.10-alt1	254.10-alt2	ALT-PU-2022-7551-1	-	Fixed
systemd	p10	249.14-alt1	249.17-alt2	ALT-PU-2022-3446-1	312239	Fixed
systemd	p10_e2k	249.16-alt2.E2K.2	249.16-alt2.E2K.2	ALT-PU-2023-7552-1	-	Fixed
systemd	p9	247.13-alt1	247.13-alt1	ALT-PU-2023-1099-1	313189	Fixed
systemd	c10f1	249.14-alt1	249.17-alt2	ALT-PU-2022-3446-1	312239	Fixed
systemd	p11	251.10-alt1	255.6-alt2	ALT-PU-2022-3406-1	312238	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://www.openwall.com/lists/oss-security/2022/12/21/3	Mailing List Third Party Advisory
https://github.com/systemd/systemd/commit/b7641425659243c09473cd8fb3aef2c0d4a3eb9c	Exploit Patch Third Party Advisory

Affected configurations:
1. Configuration 1
  cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*
  Start including
  246
  End excliding
  253

Version: v24.5.3

Vulnerability CVE-2022-4415: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1