systemd project systemd
56 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-40228
all versions
In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" comma
2.9
LOW
CVE-2026-40227
all versions
In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a nul
6.2
MEDIUM
CVE-2026-40226
>= 233 and < 257.12
In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.
6.4
MEDIUM
CVE-2026-40225
< 257.13
In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.
6.4
MEDIUM
CVE-2026-40224
>= 259 and < 259.3
In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root n
6.7
MEDIUM
CVE-2026-40223
>= 258 and < 260
In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User=<unset> unit exists and is
4.7
MEDIUM
CVE-2026-29111
>= 239 and < 257.11
systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made w
5.5
MEDIUM
CVE-2025-4598
< 252.37
A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a
4.7
MEDIUM
CVE-2023-7008
all versions
A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains ev
5.9
MEDIUM
CVE-2023-31439
all versions
An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust th
5.3
MEDIUM
CVE-2023-31438
all versions
An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking
5.3
MEDIUM
CVE-2023-31437
all versions
An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and se
5.3
MEDIUM
CVE-2023-26604
< 246.7
systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers file
7.8
HIGH
CVE-2022-4415
>= 246 and < 253
A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting
5.5
MEDIUM
CVE-2022-45873
>= 250 and <= 251
systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. Thi
5.5
MEDIUM
CVE-2022-3821
<= 251
An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specifi
5.5
MEDIUM
CVE-2022-2526
all versions
A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete(
9.8
CRITICAL
CVE-2021-3997
>= 240 and < 250.2
A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too m
5.5
MEDIUM
CVE-2021-33910
< 246.15
basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involv
5.5
MEDIUM
CVE-2020-13529
all versions
An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a serve
6.1
MEDIUM
CVE-2020-13776
<= 245
systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demon
6.7
MEDIUM
CVE-2020-1712
<= 244
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed
7.8
HIGH
CVE-2012-1101
all versions
systemd 37-1 does not properly handle non-existent services, which causes a denial of service (failure of login procedure).
5.5
MEDIUM
CVE-2019-20386
< 243
An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command,
2.4
LOW
CVE-2018-21029
>= 239 and < 244
systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication
9.8
CRITICAL
CVE-2019-15718
all versions
In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the sy
4.4
MEDIUM
CVE-2018-20839
all versions
systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such
4.3
MEDIUM
CVE-2019-3844
< 242
It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binar
7.8
HIGH
CVE-2019-3843
< 242
It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run
7.8
HIGH
CVE-2019-3842
<= 241
In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEA
7.0
HIGH
CVE-2019-6454
all versions
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-len
5.5
MEDIUM
CVE-2018-16888
< 237
It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service
4.7
MEDIUM
CVE-2018-16865
<= 240
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in syst
7.8
HIGH
CVE-2018-16864
<= 240
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in syst
7.8
HIGH
CVE-2018-16866
>= 221 and <= 239
An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A loca
3.3
LOW
CVE-2018-15688
<= 239
A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd
8.8
HIGH
CVE-2018-15687
>= 235 and < 240
A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Af
7.0
HIGH
CVE-2018-15686
<= 239
A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via Notify
7.8
HIGH
CVE-2018-1049
< 234
In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may n
5.9
MEDIUM
CVE-2018-6954
<= 237
systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to o
7.8
HIGH
CVE-2017-18078
< 237
systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protect
7.8
HIGH
CVE-2017-15908
all versions
In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite
7.5
HIGH
CVE-2015-7510
all versions
Stack-based buffer overflow in the getpwnam and getgrnam functions of the NSS module nss-mymachines in systemd.
9.8
CRITICAL
CVE-2017-1000082
>= 229 and < 234
systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in quest
9.8
CRITICAL
CVE-2017-9445
>= 223 and <= 233
In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too sm
7.5
HIGH
CVE-2017-9217
<= 233
systemd-resolved through 233 allows remote attackers to cause a denial of service (daemon crash) via a crafted DNS response with a
7.5
HIGH
CVE-2016-10156
all versions
A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers featur
7.8
HIGH
CVE-2016-7796
all versions
The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length
5.5
MEDIUM
CVE-2016-7795
<= 231
The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion f
5.5
MEDIUM
CVE-2012-0871
<= 037
The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local
CVE-2013-4394
< 194
The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Key
CVE-2013-4393
< 194
journald in systemd, when the origin of native messages is set to file, allows local users to cause a denial of service (logging s
CVE-2013-4392
< 239
systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary
5.0
MEDIUM
CVE-2013-4391
< 190
Integer overflow in the valid_user_field function in journal/journald-native.c in systemd allows remote attackers to cause a denia
CVE-2013-4327
<= 207
systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access
CVE-2012-1174
all versions
The rm_rf_children function in util.c in the systemd-logind login manager in systemd before 44, when logging out, allows local use
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin