CVE-2020-1712 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	No
Type	Privilege escalation
Description	A heap use-after-free vulnerability was found in systemd before version 244.2, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1094	systemd	244.1-1	244.2-1	High	Fixed

Date	Advisory	Group	Package	Severity	Type
12 Feb 2020	ASA-202002-8	AVG-1094	systemd	High	privilege escalation

References
https://github.com/systemd/systemd/commit/ea0d0ede03c6f18dbc5036c5e9cccf97e415ccc2 https://github.com/systemd/systemd-stable/commit/e2d4cb9843c50eff76e9104fec6b448c0d7c8814