Description
A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Google Security Research · textlocallinux
https://www.exploit-db.com/exploits/45715
References (5)
Core 5
Core References
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201810-10
Patch, Third Party Advisory x_refsource_misc
https://github.com/systemd/systemd/pull/10517/commits
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/105748
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3816-1/
Exploit, Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/45715/
Scores
CVSS v3
7.0
EPSS
0.0038
EPSS Percentile
59.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-362
Status
published
Products (4)
canonical/ubuntu_linux
16.04
canonical/ubuntu_linux
18.04
canonical/ubuntu_linux
18.10
systemd_project/systemd
235 - 240
Published
Oct 26, 2018
Tracked Since
Feb 18, 2026