CVE-2023-31438

An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."

References

Affected packages

Git / github.com/systemd/systemd

Affected ranges

Type

GIT

Repo

https://github.com/systemd/systemd

Events

Introduced

Last affected

477fdc5afed0457c43d01f3d7ace7209f81d3995

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "253-NA"
        }
    ]
}

Affected versions

Other

v10

v11

v12

v13

v14

v15

v16

v17

v18

v183

v184

v185

v186

v187

v188

v189

v19

v190

v191

v192

v193

v194

v195

v196

v197

v198

v199

v20

v200

v201

v202

v203

v204

v205

v206

v207

v208

v209

v21

v210

v211

v212

v213

v214

v215

v216

v217

v218

v219

v22

v220

v221

v222

v223

v224

v225

v226

v227

v228

v229

v23

v230

v231

v232

v233

v234

v235

v236

v237

v238

v239

v24

v240

v241

v241-rc1

v241-rc2

v242

v242-rc1

v242-rc2

v242-rc3

v242-rc4

v243

v243-rc1

v243-rc2

v244

v244-rc1

v245

v245-rc1

v245-rc2

v246

v246-rc1

v246-rc2

v247

v247-rc1

v247-rc2

v248

v248-2

v248-rc1

v248-rc2

v248-rc3

v248-rc4

v249

v249-rc1

v249-rc2

v249-rc3

v25

v250

v250-rc1

v250-rc2

v250-rc3

v251

v251-rc1

v251-rc2

v251-rc3

v252

v252-rc1

v252-rc2

v252-rc3

v253

v253-rc1

v253-rc2

v253-rc3

v26

v27

v28

v29

v30

v31

v32

v33

v34

v35

v36

v37

v38

v39

v40

v41

v42

v43

v44

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-31438.json"