CVE-2018-15686 HIGH

CVE-2018-15686: systemd: reexec state injection: fgets() on overlong lines leads to line splitting

Vendor Systemd
Product systemd
Published October 26, 2018
Last update June 9, 2025

CVSS base score

7.0/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.

Key dates

02 Disclosure timeline

October 26, 2018 CVE published
June 9, 2025 Record updated