An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate privileges.
Find out more about CVE-2018-16864 from the MITRE CVE dictionary dictionary and NIST NVD.
This issue affects the versions of systemd as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Important because it allows a local attacker to crash systemd-journald or escalate his privileges. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
| CVSS3 Base Score | 7.4 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Attack Vector | Local |
| Attack Complexity | High |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity Impact | High |
| Availability Impact | High |
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 7 (systemd) | RHSA-2019:0049 | 2019-01-14 |
| Platform | Package | State |
|---|---|---|
| Red Hat Virtualization 4 | rhvm-appliance | Affected |
| Red Hat Virtualization 4 | redhat-virtualization-host | Affected |
Vulmon