CVE-2026-29111

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-29111
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-29111.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-29111
Aliases
  • GHSA-gx6q-6f99-m764
Downstream
Related
Published
2026-03-23T21:03:56.120Z
Modified
2026-04-14T18:29:32.933802512Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
systemd: Local unprivileged user can trigger an assert
Details

systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this is not possible as the safety check causes an assert instead. This IPC call was added in v239, so versions older than that are not affected. Versions 260-rc1, 259.2, 258.5, and 257.11 contain patches. No known workarounds are available.

Database specific 
{
    "cwe_ids": [
        "CWE-269"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/29xxx/CVE-2026-29111.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/systemd/systemd

Affected ranges

Type
GIT
Repo
https://github.com/systemd/systemd
Events
Introduced
de7436b02badc82200dc127ff190b8155769b8e7
Fixed
4f55c3e0250a674c9d7f53a89c8e77b03ec8f1c3
Database specific 
{
    "versions": [
        {
            "introduced": "239"
        },
        {
            "fixed": "257.11"
        }
    ]
}
Type
GIT
Repo
https://github.com/systemd/systemd
Events
Introduced
781d9d0789379d1ea1f2ecefb804d41e9c8b6c38
Fixed
943028cdb065285c11b6799595e6665a8dba0d44
Database specific 
{
    "versions": [
        {
            "introduced": "258"
        },
        {
            "fixed": "258.5"
        }
    ]
}
Type
GIT
Repo
https://github.com/systemd/systemd
Events
Introduced
9ca433482f2281d71718718705ca8cd3bf562ad6
Fixed
f2b815a9a166ee14f8c5a827b878806db1d88bbd
Database specific 
{
    "versions": [
        {
            "introduced": "259"
        },
        {
            "fixed": "259.2"
        }
    ]
}

Affected versions

Other
v239
v240
v241
v241-rc1
v241-rc2
v242
v242-rc1
v242-rc2
v242-rc3
v242-rc4
v243
v243-rc1
v243-rc2
v244
v244-rc1
v245
v245-rc1
v245-rc2
v246
v246-rc1
v246-rc2
v247
v247-rc1
v247-rc2
v248
v248-2
v248-rc1
v248-rc2
v248-rc3
v248-rc4
v249
v249-rc1
v249-rc2
v249-rc3
v250
v250-rc1
v250-rc2
v250-rc3
v251
v251-rc1
v251-rc2
v251-rc3
v252
v252-rc1
v252-rc2
v252-rc3
v253
v253-rc1
v253-rc2
v253-rc3
v254
v254-rc1
v254-rc2
v254-rc3
v255
v255-rc1
v255-rc2
v255-rc3
v255-rc4
v256
v256-rc1
v256-rc2
v256-rc3
v256-rc4
v257
v257-rc1
v257-rc2
v257-rc3
v258
v259
v257.*
v257.1
v257.10
v257.2
v257.3
v257.4
v257.5
v257.6
v257.7
v257.8
v257.9
v258.*
v258.1
v258.2
v258.3
v258.4
v259.*
v259.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-29111.json"