In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.
AI analysis not yet available
Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
| Vendor | Product | Versions | Fixed In |
|---|---|---|---|
| systemd_project | systemd | - | - |
| fedoraproject | fedora | - | - |
| fedoraproject | fedora | - |
Published
CVE disclosed publicly
Last Modified
Most recent update
Indexed to CVEInsight
Added to this platform
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
29
Affected Products
14
References
systemd_project / systemd
| - |
| fedoraproject | fedora | - | - |
| redhat | openshift_container_platform | - | - |
| redhat | enterprise_linux | - | - |
| redhat | enterprise_linux_eus | - | - |
| redhat | enterprise_linux_eus | - | - |
| redhat | enterprise_linux_eus | - | - |
| redhat | enterprise_linux_for_ibm_z_systems_8_s390x | - | - |
| redhat | enterprise_linux_for_ibm_z_systems_eus | - | - |
| redhat | enterprise_linux_for_ibm_z_systems_eus | - | - |
| redhat | enterprise_linux_for_ibm_z_systems_eus | - | - |
| redhat | enterprise_linux_for_ibm_z_systems_eus_s390x | - | - |
| redhat | enterprise_linux_for_ibm_z_systems_eus_s390x | - | - |
| redhat | enterprise_linux_for_power_little_endian | - | - |
| redhat | enterprise_linux_for_power_little_endian_eus | - | - |
| redhat | enterprise_linux_for_power_little_endian_eus | - | - |
| redhat | enterprise_linux_for_power_little_endian_eus | - | - |
| redhat | enterprise_linux_server_aus | - | - |
| redhat | enterprise_linux_server_aus | - | - |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | - | - |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | - | - |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | - | - |
| redhat | enterprise_linux_server_tus | - | - |
| redhat | enterprise_linux_server_tus | - | - |
| redhat | enterprise_linux_server_update_services_for_sap_solutions | - | - |
| redhat | enterprise_linux_server_update_services_for_sap_solutions | - | - |
| redhat | enterprise_linux_server_update_services_for_sap_solutions | - | - |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Exploitability
Impact