CVE-2018-15687 HIGH

CVE-2018-15687: systemd: chown_one() can dereference symlinks

Vendor Systemd
Product systemd
Published October 26, 2018
Last update June 9, 2025

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239.

Key dates

02Disclosure timeline

October 26, 2018 CVE published
June 9, 2025 Record updated