CVE-2020-1712 log

Source
Severity High
Remote No
Type Privilege escalation
Description
A heap use-after-free vulnerability was found in systemd before version 244.2, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.
Group Package Affected Fixed Severity Status Ticket
AVG-1094 systemd 244.1-1 244.2-1 High Fixed
Date Advisory Group Package Severity Type
12 Feb 2020 ASA-202002-8 AVG-1094 systemd High privilege escalation
References
https://github.com/systemd/systemd/commit/ea0d0ede03c6f18dbc5036c5e9cccf97e415ccc2
https://github.com/systemd/systemd-stable/commit/e2d4cb9843c50eff76e9104fec6b448c0d7c8814