CVE-2016-7795

Publication date 13 October 2016

Last updated 24 July 2024


Ubuntu priority

CVSS 3 Severity Score

5.5 · Medium


The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 hang) via a zero-length message received over a notify socket.


Status

Package Ubuntu Release Status
systemd 17.04 zesty Not affected
systemd 16.10 yakkety Not affected
systemd 16.04 LTS xenial Fixed 229-4ubuntu10
systemd 14.04 LTS trusty Not affected
systemd 12.04 LTS precise Not in release

Notes


mdeslaur

USN-3094-1 fix is incomplete, see bug


sbeattie

additional DoS fix is covered by CVE-2016-7796, also upstream reworked fix for this CVE. trusty and vivid-phone are not affected as upstart is init there

Severity score breakdown

Parameter Value
Base score 5.5 · Medium
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H