CVE-2020-1712

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2020-1712
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1712.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-1712
Downstream
Related
Published
2020-03-31T17:15:26Z
Modified
2025-10-21T05:43:45.964082Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.

References

Affected packages

Git / github.com/systemd/systemd

Affected ranges

Type
GIT
Repo
https://github.com/systemd/systemd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
1068447e6954dc6ce52f099ed174c442cb89ed54
Fixed
637486261528e8aa3da9f26a4487dc254f4b7abb
Fixed
bc130b6858327b382b07b3985cf48e2aa9016b2d
Fixed
ea0d0ede03c6f18dbc5036c5e9cccf97e415ccc2

Affected versions

Other

001
002
003
004
005
006
007
008
009
010
011
012
013
014
015
016
017
018
019
020
021
022
023
024
025
026
027
028
029
030
031
032
033
034
035
036
037
038
039
040
042
043
044
045
046
047
048
049
050
051
052
053
054
055
056
057
058
059
060
061
062
064
174
175
176
177
178
179
180
181
182
v1
v10
v11
v12
v13
v14
v15
v16
v17
v18
v183
v184
v185
v186
v187
v188
v189
v19
v190
v191
v192
v193
v194
v195
v196
v197
v198
v199
v2
v20
v200
v201
v202
v203
v204
v205
v206
v207
v208
v209
v21
v210
v211
v212
v213
v214
v215
v216
v217
v218
v219
v22
v220
v221
v222
v223
v224
v225
v226
v227
v228
v229
v23
v230
v231
v232
v233
v234
v235
v236
v237
v238
v239
v24
v240
v241
v241-rc1
v241-rc2
v242
v242-rc1
v242-rc2
v242-rc3
v242-rc4
v243
v243-rc1
v243-rc2
v244
v244-rc1
v25
v26
v27
v28
v29
v3
v30
v31
v32
v33
v34
v35
v36
v37
v38
v39
v4
v40
v41
v42
v43
v44
v5
v6
v7
v8
v9

v243.*

v243.1

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/systemd/systemd/commit/637486261528e8aa3da9f26a4487dc254f4b7abb",
        "id": "CVE-2020-1712-083dfb5f",
        "deprecated": false,
        "target": {
            "function": "async_polkit_query_free",
            "file": "src/shared/bus-polkit.c"
        },
        "signature_version": "v1",
        "digest": {
            "length": 339.0,
            "function_hash": "249541810590335694009610159207201220281"
        },
        "signature_type": "Function"
    },
    {
        "source": "https://github.com/systemd/systemd/commit/637486261528e8aa3da9f26a4487dc254f4b7abb",
        "id": "CVE-2020-1712-7c69b8e3",
        "deprecated": false,
        "target": {
            "function": "bus_verify_polkit_async",
            "file": "src/shared/bus-polkit.c"
        },
        "signature_version": "v1",
        "digest": {
            "length": 2874.0,
            "function_hash": "74549539480005360539949729723206989023"
        },
        "signature_type": "Function"
    },
    {
        "source": "https://github.com/systemd/systemd/commit/1068447e6954dc6ce52f099ed174c442cb89ed54",
        "id": "CVE-2020-1712-8dfe3500",
        "deprecated": false,
        "target": {
            "file": "src/systemd/sd-bus.h"
        },
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "201651851398158219089139026364454349753",
                "9987944486027707297738265898816304116",
                "192221843579112265559191630782876604232",
                "72822982747573861780012777657069221814"
            ]
        },
        "signature_type": "Line"
    },
    {
        "source": "https://github.com/systemd/systemd/commit/637486261528e8aa3da9f26a4487dc254f4b7abb",
        "id": "CVE-2020-1712-c78bba3e",
        "deprecated": false,
        "target": {
            "function": "async_polkit_callback",
            "file": "src/shared/bus-polkit.c"
        },
        "signature_version": "v1",
        "digest": {
            "length": 572.0,
            "function_hash": "191952696935465987918037642341044558598"
        },
        "signature_type": "Function"
    },
    {
        "source": "https://github.com/systemd/systemd/commit/637486261528e8aa3da9f26a4487dc254f4b7abb",
        "id": "CVE-2020-1712-d35a0e1f",
        "deprecated": false,
        "target": {
            "file": "src/shared/bus-polkit.c"
        },
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "97053741425443050450208921739222569203",
                "303460527606453710252220666868808145400",
                "18219807215661718443382219123539589712",
                "60261091367737920122821757682504535056",
                "86264706304329535586929432165729739622",
                "337390672199881346205475444548683382521",
                "152562335154503867169907437275077137083",
                "84211952852498673684248562065377075652",
                "324726152797087188705084363045825558251",
                "325970457268498492598214286673190530565",
                "202566744084947735033800918550045650693",
                "194309138071813940665718909269028112190",
                "188997586095725752447519276072764071862",
                "293185299188085331962123844476277735666",
                "320138298323880858161113515815715150458",
                "170379373050637717031754180073892094889",
                "29309665073518276997283992467703573698",
                "165225009145589773428426232127941023680",
                "12321488664809828297015490366106267649",
                "172883744573346081802393080925107117215",
                "75285956263270984207625071252672351081",
                "315481932615129614536008509789990866994",
                "264579120630678275163303016554424061509",
                "234214297483417905214744801498590492828",
                "286908870466118591068503739348901791428",
                "110910070697038590601846380901570703937",
                "147634743858309359957750709512817985592",
                "162589724996563957724767291619418661351",
                "16959055153679824806685267226897867923",
                "76055295512511461434023416680211844859",
                "38713159073670226927111661739781666952",
                "189612858139979274090890865335185172413",
                "154430203011226137819958604224372838126",
                "75389190473008594185108810388326130324",
                "63132286548534368094653651953345052127",
                "294940776886412801592379028783519818267",
                "102301407515608068841865372922431621910",
                "328716495739662205636254361842872047961",
                "196405144638830216506361432807297143715",
                "93356589517045076911522842971448963126",
                "78433439633613489244827728211361246118",
                "205368781931337343468642178564182860212",
                "184223870634894539720575251196499487422",
                "145323608060584930670486582064995568406",
                "43700365621748513773381156876425890970",
                "340123359266940267596657940112607734072",
                "268992061929188121712297464734694520667",
                "30256143953995422663035365047298676842",
                "155909894963427971346953495920941861395",
                "125229967853273817950243613133490540349",
                "244837636105294919696140145482111912276",
                "87390459365384605435053796704959503040",
                "141682537757708057625738963301879324175",
                "25716083193282531004342174123650260090"
            ]
        },
        "signature_type": "Line"
    }
]