CVE-2019-3843 MEDIUM

CVE-2019-3843

Vendor [Freedesktop.org]
Product systemd
Weakness CWE-266
Published April 26, 2019
Last update June 9, 2025

CVSS base score

4.5/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.

Key dates

02Disclosure timeline

April 26, 2019 CVE published
June 9, 2025 Record updated