A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.
{ "vanir_signatures": [ { "digest": { "function_hash": "249541810590335694009610159207201220281", "length": 339.0 }, "deprecated": false, "source": "https://github.com/systemd/systemd/commit/637486261528e8aa3da9f26a4487dc254f4b7abb", "signature_version": "v1", "target": { "function": "async_polkit_query_free", "file": "src/shared/bus-polkit.c" }, "id": "CVE-2020-1712-083dfb5f", "signature_type": "Function" }, { "digest": { "function_hash": "74549539480005360539949729723206989023", "length": 2874.0 }, "deprecated": false, "source": "https://github.com/systemd/systemd/commit/637486261528e8aa3da9f26a4487dc254f4b7abb", "signature_version": "v1", "target": { "function": "bus_verify_polkit_async", "file": "src/shared/bus-polkit.c" }, "id": "CVE-2020-1712-7c69b8e3", "signature_type": "Function" }, { "digest": { "line_hashes": [ "72931726563557579711792461720729347136", "26849912975153386080865915238274112258", "96503407908645541790317071692654585277", "80059928690961716018069855703978174227", "220740913341633089983235544740890532346", "172523707599536500276213933867456106072", "175528180290079740675934423111785214508" ], "threshold": 0.9 }, "deprecated": false, "source": "https://github.com/systemd/systemd/commit/bc130b6858327b382b07b3985cf48e2aa9016b2d", "signature_version": "v1", "target": { "file": "src/libsystemd/sd-bus/sd-bus.c" }, "id": "CVE-2020-1712-7f19bfdb", "signature_type": "Line" }, { "digest": { "line_hashes": [ "201651851398158219089139026364454349753", "9987944486027707297738265898816304116", "192221843579112265559191630782876604232", "72822982747573861780012777657069221814" ], "threshold": 0.9 }, "deprecated": false, "source": "https://github.com/systemd/systemd/commit/1068447e6954dc6ce52f099ed174c442cb89ed54", "signature_version": "v1", "target": { "file": "src/systemd/sd-bus.h" }, "id": "CVE-2020-1712-8dfe3500", "signature_type": "Line" }, { "digest": { "function_hash": "191952696935465987918037642341044558598", "length": 572.0 }, "deprecated": false, "source": "https://github.com/systemd/systemd/commit/637486261528e8aa3da9f26a4487dc254f4b7abb", "signature_version": "v1", "target": { "function": "async_polkit_callback", "file": "src/shared/bus-polkit.c" }, "id": "CVE-2020-1712-c78bba3e", "signature_type": "Function" }, { "digest": { "line_hashes": [ "97053741425443050450208921739222569203", "303460527606453710252220666868808145400", "18219807215661718443382219123539589712", "60261091367737920122821757682504535056", "86264706304329535586929432165729739622", "337390672199881346205475444548683382521", "152562335154503867169907437275077137083", "84211952852498673684248562065377075652", "324726152797087188705084363045825558251", "325970457268498492598214286673190530565", "202566744084947735033800918550045650693", "194309138071813940665718909269028112190", "188997586095725752447519276072764071862", "293185299188085331962123844476277735666", "320138298323880858161113515815715150458", "170379373050637717031754180073892094889", "29309665073518276997283992467703573698", "165225009145589773428426232127941023680", "12321488664809828297015490366106267649", "172883744573346081802393080925107117215", "75285956263270984207625071252672351081", "315481932615129614536008509789990866994", "264579120630678275163303016554424061509", "234214297483417905214744801498590492828", "286908870466118591068503739348901791428", "110910070697038590601846380901570703937", "147634743858309359957750709512817985592", "162589724996563957724767291619418661351", "16959055153679824806685267226897867923", "76055295512511461434023416680211844859", "38713159073670226927111661739781666952", "189612858139979274090890865335185172413", "154430203011226137819958604224372838126", "75389190473008594185108810388326130324", "63132286548534368094653651953345052127", "294940776886412801592379028783519818267", "102301407515608068841865372922431621910", "328716495739662205636254361842872047961", "196405144638830216506361432807297143715", "93356589517045076911522842971448963126", "78433439633613489244827728211361246118", "205368781931337343468642178564182860212", "184223870634894539720575251196499487422", "145323608060584930670486582064995568406", "43700365621748513773381156876425890970", "340123359266940267596657940112607734072", "268992061929188121712297464734694520667", "30256143953995422663035365047298676842", "155909894963427971346953495920941861395", "125229967853273817950243613133490540349", "244837636105294919696140145482111912276", "87390459365384605435053796704959503040", "141682537757708057625738963301879324175", "25716083193282531004342174123650260090" ], "threshold": 0.9 }, "deprecated": false, "source": "https://github.com/systemd/systemd/commit/637486261528e8aa3da9f26a4487dc254f4b7abb", "signature_version": "v1", "target": { "file": "src/shared/bus-polkit.c" }, "id": "CVE-2020-1712-d35a0e1f", "signature_type": "Line" }, { "digest": { "line_hashes": [ "264543927216481162877910707345971609694", "259464209675969895257656449530202960196", "64452203115505827402551188534889042992", "160015862639679086942224680568996146771" ], "threshold": 0.9 }, "deprecated": false, "source": "https://github.com/systemd/systemd/commit/bc130b6858327b382b07b3985cf48e2aa9016b2d", "signature_version": "v1", "target": { "file": "src/systemd/sd-bus.h" }, "id": "CVE-2020-1712-fb8966b4", "signature_type": "Line" } ] }