CVE-2019-3843

HIGH

systemd < 242 - Improper Privilege Management via DynamicUser Service SUID/SGID Binary

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-3843.

AI-analyzed exploit summary This exploit demonstrates a vulnerability in systemd's DynamicUser feature, where a service can create a setuid binary outside its mount namespace by receiving a file descriptor via a UNIX domain socket from a collaborating user. The PoC includes two C programs to exploit this flaw and achieve privilege escalation.

Description

It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.

Exploits (1)

exploitdb WORKING POC

doslinux

https://www.exploit-db.com/exploits/46760

View Code ZIP pw:eip

This exploit demonstrates a vulnerability in systemd's DynamicUser feature, where a service can create a setuid binary outside its mount namespace by receiving a file descriptor via a UNIX domain socket from a collaborating user. The PoC includes two C programs to exploit this flaw and achieve privilege escalation.

Classification

Working Poc 100%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: systemd (versions with DynamicUser feature)

No auth needed

Prerequisites: Access to a system with systemd and DynamicUser-enabled services · Ability to create and execute custom services

MITRE ATT&CK

T1199 - Trusted Relationship T1548 - Abuse Elevation Control Mechanism

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (7)

Core 7

Core References

Issue Tracking, Patch, Third Party Advisory x_refsource_confirm

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3843

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5JXQAKSTMABZ46EVCRMW62DHWYHTTFES/

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/108116

Third Party Advisory x_refsource_confirm

https://security.netapp.com/advisory/ntap-20190619-0002/

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4269-1/

Mailing List mailing-list x_refsource_mlist

https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E

Mailing List mailing-list x_refsource_mlist

https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E

Scores

CVSS v3 7.8

EPSS 0.0091

EPSS Percentile 55.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-266 CWE-269

Status published

Products (9)

canonical/ubuntu_linux 16.04

canonical/ubuntu_linux 18.04

canonical/ubuntu_linux 19.10

fedoraproject/fedora 30

netapp/cn1610_firmware

netapp/hci_management_node

netapp/snapprotect

netapp/solidfire

systemd_project/systemd < 242

Published Apr 26, 2019

Tracked Since Feb 18, 2026