A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.
{ "binaries": [ { "binary_name": "libnss-myhostname", "binary_version": "245.4-4ubuntu3.24+esm1" }, { "binary_name": "libnss-myhostname-dbgsym", "binary_version": "245.4-4ubuntu3.24+esm1" }, { "binary_name": "libnss-mymachines", "binary_version": "245.4-4ubuntu3.24+esm1" }, { "binary_name": "libnss-mymachines-dbgsym", "binary_version": "245.4-4ubuntu3.24+esm1" }, { "binary_name": "libnss-resolve", "binary_version": "245.4-4ubuntu3.24+esm1" }, { "binary_name": "libnss-resolve-dbgsym", "binary_version": "245.4-4ubuntu3.24+esm1" }, { "binary_name": "libnss-systemd", "binary_version": "245.4-4ubuntu3.24+esm1" }, { "binary_name": "libnss-systemd-dbgsym", "binary_version": "245.4-4ubuntu3.24+esm1" }, { "binary_name": "libpam-systemd", "binary_version": "245.4-4ubuntu3.24+esm1" }, { "binary_name": "libpam-systemd-dbgsym", "binary_version": "245.4-4ubuntu3.24+esm1" }, { "binary_name": "libsystemd-dev", "binary_version": "245.4-4ubuntu3.24+esm1" }, { "binary_name": "libsystemd0", "binary_version": "245.4-4ubuntu3.24+esm1" }, { "binary_name": "libsystemd0-dbgsym", "binary_version": "245.4-4ubuntu3.24+esm1" }, { "binary_name": "libudev-dev", "binary_version": "245.4-4ubuntu3.24+esm1" }, { "binary_name": "libudev1", "binary_version": "245.4-4ubuntu3.24+esm1" }, { "binary_name": "libudev1-dbgsym", "binary_version": "245.4-4ubuntu3.24+esm1" }, { "binary_name": "libudev1-udeb", "binary_version": "245.4-4ubuntu3.24+esm1" }, { "binary_name": "systemd", "binary_version": "245.4-4ubuntu3.24+esm1" }, { "binary_name": "systemd-container", "binary_version": "245.4-4ubuntu3.24+esm1" }, { "binary_name": "systemd-container-dbgsym", "binary_version": "245.4-4ubuntu3.24+esm1" }, { "binary_name": "systemd-coredump", "binary_version": "245.4-4ubuntu3.24+esm1" }, { "binary_name": "systemd-coredump-dbgsym", "binary_version": "245.4-4ubuntu3.24+esm1" }, { "binary_name": "systemd-dbgsym", "binary_version": "245.4-4ubuntu3.24+esm1" }, { "binary_name": "systemd-journal-remote", "binary_version": "245.4-4ubuntu3.24+esm1" }, { "binary_name": "systemd-journal-remote-dbgsym", "binary_version": "245.4-4ubuntu3.24+esm1" }, { "binary_name": "systemd-sysv", "binary_version": "245.4-4ubuntu3.24+esm1" }, { "binary_name": "systemd-tests", "binary_version": "245.4-4ubuntu3.24+esm1" }, { "binary_name": "systemd-tests-dbgsym", "binary_version": "245.4-4ubuntu3.24+esm1" }, { "binary_name": "systemd-timesyncd", "binary_version": "245.4-4ubuntu3.24+esm1" }, { "binary_name": "systemd-timesyncd-dbgsym", "binary_version": "245.4-4ubuntu3.24+esm1" }, { "binary_name": "udev", "binary_version": "245.4-4ubuntu3.24+esm1" }, { "binary_name": "udev-dbgsym", "binary_version": "245.4-4ubuntu3.24+esm1" }, { "binary_name": "udev-udeb", "binary_version": "245.4-4ubuntu3.24+esm1" } ], "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro" }
{ "binaries": [ { "binary_name": "libnss-myhostname", "binary_version": "249.11-0ubuntu3.16" }, { "binary_name": "libnss-myhostname-dbgsym", "binary_version": "249.11-0ubuntu3.16" }, { "binary_name": "libnss-mymachines", "binary_version": "249.11-0ubuntu3.16" }, { "binary_name": "libnss-mymachines-dbgsym", "binary_version": "249.11-0ubuntu3.16" }, { "binary_name": "libnss-resolve", "binary_version": "249.11-0ubuntu3.16" }, { "binary_name": "libnss-resolve-dbgsym", "binary_version": "249.11-0ubuntu3.16" }, { "binary_name": "libnss-systemd", "binary_version": "249.11-0ubuntu3.16" }, { "binary_name": "libnss-systemd-dbgsym", "binary_version": "249.11-0ubuntu3.16" }, { "binary_name": "libpam-systemd", "binary_version": "249.11-0ubuntu3.16" }, { "binary_name": "libpam-systemd-dbgsym", "binary_version": "249.11-0ubuntu3.16" }, { "binary_name": "libsystemd-dev", "binary_version": "249.11-0ubuntu3.16" }, { "binary_name": "libsystemd0", "binary_version": "249.11-0ubuntu3.16" }, { "binary_name": "libsystemd0-dbgsym", "binary_version": "249.11-0ubuntu3.16" }, { "binary_name": "libudev-dev", "binary_version": "249.11-0ubuntu3.16" }, { "binary_name": "libudev1", "binary_version": "249.11-0ubuntu3.16" }, { "binary_name": "libudev1-dbgsym", "binary_version": "249.11-0ubuntu3.16" }, { "binary_name": "systemd", "binary_version": "249.11-0ubuntu3.16" }, { "binary_name": "systemd-container", "binary_version": "249.11-0ubuntu3.16" }, { "binary_name": "systemd-container-dbgsym", "binary_version": "249.11-0ubuntu3.16" }, { "binary_name": "systemd-coredump", "binary_version": "249.11-0ubuntu3.16" }, { "binary_name": "systemd-coredump-dbgsym", "binary_version": "249.11-0ubuntu3.16" }, { "binary_name": "systemd-dbgsym", "binary_version": "249.11-0ubuntu3.16" }, { "binary_name": "systemd-journal-remote", "binary_version": "249.11-0ubuntu3.16" }, { "binary_name": "systemd-journal-remote-dbgsym", "binary_version": "249.11-0ubuntu3.16" }, { "binary_name": "systemd-oomd", "binary_version": "249.11-0ubuntu3.16" }, { "binary_name": "systemd-oomd-dbgsym", "binary_version": "249.11-0ubuntu3.16" }, { "binary_name": "systemd-repart", "binary_version": "249.11-0ubuntu3.16" }, { "binary_name": "systemd-repart-dbgsym", "binary_version": "249.11-0ubuntu3.16" }, { "binary_name": "systemd-standalone-sysusers", "binary_version": "249.11-0ubuntu3.16" }, { "binary_name": "systemd-standalone-sysusers-dbgsym", "binary_version": "249.11-0ubuntu3.16" }, { "binary_name": "systemd-standalone-tmpfiles", "binary_version": "249.11-0ubuntu3.16" }, { "binary_name": "systemd-standalone-tmpfiles-dbgsym", "binary_version": "249.11-0ubuntu3.16" }, { "binary_name": "systemd-sysv", "binary_version": "249.11-0ubuntu3.16" }, { "binary_name": "systemd-tests", "binary_version": "249.11-0ubuntu3.16" }, { "binary_name": "systemd-tests-dbgsym", "binary_version": "249.11-0ubuntu3.16" }, { "binary_name": "systemd-timesyncd", "binary_version": "249.11-0ubuntu3.16" }, { "binary_name": "systemd-timesyncd-dbgsym", "binary_version": "249.11-0ubuntu3.16" }, { "binary_name": "udev", "binary_version": "249.11-0ubuntu3.16" }, { "binary_name": "udev-dbgsym", "binary_version": "249.11-0ubuntu3.16" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_name": "libnss-myhostname", "binary_version": "255.4-1ubuntu8.8" }, { "binary_name": "libnss-myhostname-dbgsym", "binary_version": "255.4-1ubuntu8.8" }, { "binary_name": "libnss-mymachines", "binary_version": "255.4-1ubuntu8.8" }, { "binary_name": "libnss-mymachines-dbgsym", "binary_version": "255.4-1ubuntu8.8" }, { "binary_name": "libnss-resolve", "binary_version": "255.4-1ubuntu8.8" }, { "binary_name": "libnss-resolve-dbgsym", "binary_version": "255.4-1ubuntu8.8" }, { "binary_name": "libnss-systemd", "binary_version": "255.4-1ubuntu8.8" }, { "binary_name": "libnss-systemd-dbgsym", "binary_version": "255.4-1ubuntu8.8" }, { "binary_name": "libpam-systemd", "binary_version": "255.4-1ubuntu8.8" }, { "binary_name": "libpam-systemd-dbgsym", "binary_version": "255.4-1ubuntu8.8" }, { "binary_name": "libsystemd-dev", "binary_version": "255.4-1ubuntu8.8" }, { "binary_name": "libsystemd-shared", "binary_version": "255.4-1ubuntu8.8" }, { "binary_name": "libsystemd-shared-dbgsym", "binary_version": "255.4-1ubuntu8.8" }, { "binary_name": "libsystemd0", "binary_version": "255.4-1ubuntu8.8" }, { "binary_name": "libsystemd0-dbgsym", "binary_version": "255.4-1ubuntu8.8" }, { "binary_name": "libudev-dev", "binary_version": "255.4-1ubuntu8.8" }, { "binary_name": "libudev1", "binary_version": "255.4-1ubuntu8.8" }, { "binary_name": "libudev1-dbgsym", "binary_version": "255.4-1ubuntu8.8" }, { "binary_name": "systemd", "binary_version": "255.4-1ubuntu8.8" }, { "binary_name": "systemd-boot", "binary_version": "255.4-1ubuntu8.8" }, { "binary_name": "systemd-boot-dbgsym", "binary_version": "255.4-1ubuntu8.8" }, { "binary_name": "systemd-boot-efi", "binary_version": "255.4-1ubuntu8.8" }, { "binary_name": "systemd-container", "binary_version": "255.4-1ubuntu8.8" }, { "binary_name": "systemd-container-dbgsym", "binary_version": "255.4-1ubuntu8.8" }, { "binary_name": "systemd-coredump", "binary_version": "255.4-1ubuntu8.8" }, { "binary_name": "systemd-coredump-dbgsym", "binary_version": "255.4-1ubuntu8.8" }, { "binary_name": "systemd-dbgsym", "binary_version": "255.4-1ubuntu8.8" }, { "binary_name": "systemd-dev", "binary_version": "255.4-1ubuntu8.8" }, { "binary_name": "systemd-homed", "binary_version": "255.4-1ubuntu8.8" }, { "binary_name": "systemd-homed-dbgsym", "binary_version": "255.4-1ubuntu8.8" }, { "binary_name": "systemd-journal-remote", "binary_version": "255.4-1ubuntu8.8" }, { "binary_name": "systemd-journal-remote-dbgsym", "binary_version": "255.4-1ubuntu8.8" }, { "binary_name": "systemd-oomd", "binary_version": "255.4-1ubuntu8.8" }, { "binary_name": "systemd-oomd-dbgsym", "binary_version": "255.4-1ubuntu8.8" }, { "binary_name": "systemd-resolved", "binary_version": "255.4-1ubuntu8.8" }, { "binary_name": "systemd-resolved-dbgsym", "binary_version": "255.4-1ubuntu8.8" }, { "binary_name": "systemd-standalone-sysusers", "binary_version": "255.4-1ubuntu8.8" }, { "binary_name": "systemd-standalone-sysusers-dbgsym", "binary_version": "255.4-1ubuntu8.8" }, { "binary_name": "systemd-standalone-tmpfiles", "binary_version": "255.4-1ubuntu8.8" }, { "binary_name": "systemd-standalone-tmpfiles-dbgsym", "binary_version": "255.4-1ubuntu8.8" }, { "binary_name": "systemd-sysv", "binary_version": "255.4-1ubuntu8.8" }, { "binary_name": "systemd-tests", "binary_version": "255.4-1ubuntu8.8" }, { "binary_name": "systemd-tests-dbgsym", "binary_version": "255.4-1ubuntu8.8" }, { "binary_name": "systemd-timesyncd", "binary_version": "255.4-1ubuntu8.8" }, { "binary_name": "systemd-timesyncd-dbgsym", "binary_version": "255.4-1ubuntu8.8" }, { "binary_name": "systemd-ukify", "binary_version": "255.4-1ubuntu8.8" }, { "binary_name": "systemd-userdbd", "binary_version": "255.4-1ubuntu8.8" }, { "binary_name": "systemd-userdbd-dbgsym", "binary_version": "255.4-1ubuntu8.8" }, { "binary_name": "udev", "binary_version": "255.4-1ubuntu8.8" }, { "binary_name": "udev-dbgsym", "binary_version": "255.4-1ubuntu8.8" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_name": "libnss-myhostname", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "libnss-myhostname-dbgsym", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "libnss-mymachines", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "libnss-mymachines-dbgsym", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "libnss-resolve", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "libnss-resolve-dbgsym", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "libnss-systemd", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "libnss-systemd-dbgsym", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "libpam-systemd", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "libpam-systemd-dbgsym", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "libsystemd-dev", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "libsystemd-shared", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "libsystemd-shared-dbgsym", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "libsystemd0", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "libsystemd0-dbgsym", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "libudev-dev", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "libudev1", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "libudev1-dbgsym", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "systemd", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "systemd-boot", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "systemd-boot-dbgsym", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "systemd-boot-efi", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "systemd-container", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "systemd-container-dbgsym", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "systemd-coredump", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "systemd-coredump-dbgsym", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "systemd-cryptsetup", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "systemd-cryptsetup-dbgsym", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "systemd-dbgsym", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "systemd-dev", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "systemd-homed", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "systemd-homed-dbgsym", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "systemd-journal-remote", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "systemd-journal-remote-dbgsym", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "systemd-oomd", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "systemd-oomd-dbgsym", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "systemd-repart", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "systemd-repart-dbgsym", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "systemd-resolved", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "systemd-resolved-dbgsym", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "systemd-standalone-shutdown", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "systemd-standalone-shutdown-dbgsym", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "systemd-standalone-sysusers", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "systemd-standalone-sysusers-dbgsym", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "systemd-standalone-tmpfiles", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "systemd-standalone-tmpfiles-dbgsym", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "systemd-sysv", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "systemd-tests", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "systemd-tests-dbgsym", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "systemd-timesyncd", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "systemd-timesyncd-dbgsym", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "systemd-ukify", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "systemd-userdbd", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "systemd-userdbd-dbgsym", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "udev", "binary_version": "257.4-1ubuntu3.1" }, { "binary_name": "udev-dbgsym", "binary_version": "257.4-1ubuntu3.1" } ], "availability": "No subscription required" }