Description
It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Google Security Research · textdoslinux
https://www.exploit-db.com/exploits/46760
References (6)
Core 6
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3844
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/108096
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20190619-0002/
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4269-1/
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
Scores
CVSS v3
7.8
EPSS
0.0015
EPSS Percentile
35.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-268
Status
published
Products (8)
canonical/ubuntu_linux
16.04
canonical/ubuntu_linux
18.04
canonical/ubuntu_linux
19.10
netapp/cn1610_firmware
netapp/hci_management_node
netapp/snapprotect
netapp/solidfire
systemd_project/systemd
< 242
Published
Apr 26, 2019
Tracked Since
Feb 18, 2026