CVE-2019-3844 MEDIUM

CVE-2019-3844

Vendor [Freedesktop.org]
Product systemd
Weakness CWE-268
Published April 26, 2019
Last update June 9, 2025

CVSS base score

4.5/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.

Key dates

02Disclosure timeline

April 26, 2019 CVE published
June 9, 2025 Record updated