CVE-2022-4415

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2022-4415
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2023-01-11 15:15:00 UTC
Updated2023-02-02 16:19:00 UTC
DescriptionA vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.

Risk And Classification

Problem Types: NVD-CWE-noinfo

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Application Systemd Project Systemd All All All All
Application Systemd Project Systemd All All All All

References

ReferenceSourceLinkTags
oss-security - systemd-coredump: CVE-2022-4415: local information leak due to systemd-coredump not respecting fs.suid_dumpable kernel setting MISC www.openwall.com
Merge branch 'systemd-security/coredump-capabilities' · systemd/systemd@b764142 · GitHub MISC github.com
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Legacy QID Mappings

  • 160472 Oracle Enterprise Linux Security Update for systemd (ELSA-2023-0837)
  • 160491 Oracle Enterprise Linux Security Update for systemd (ELSA-2023-0954)
  • 182392 Debian Security Update for systemd (CVE-2022-4415)
  • 199221 Ubuntu Security Notification for systemd Vulnerabilities (USN-5928-1)
  • 241208 Red Hat Update for systemd (RHSA-2023:0837)
  • 241228 Red Hat Update for systemd (RHSA-2023:0954)
  • 243029 Red Hat Update for systemd (RHSA-2024:1105)
  • 283547 Fedora Security Update for systemd (FEDORA-2022-6919a53ea9)
  • 283572 Fedora Security Update for systemd (FEDORA-2022-ef4f57b072)
  • 355284 Amazon Linux Security Advisory for systemd : ALAS2023-2023-025
  • 672810 EulerOS Security Update for systemd (EulerOS-SA-2023-1567)
  • 672819 EulerOS Security Update for systemd (EulerOS-SA-2023-1542)
  • 672899 EulerOS Security Update for systemd (EulerOS-SA-2023-1793)
  • 672963 EulerOS Security Update for systemd (EulerOS-SA-2023-1771)
  • 672987 EulerOS Security Update for systemd (EulerOS-SA-2023-1855)
  • 672993 EulerOS Security Update for systemd (EulerOS-SA-2023-1880)
  • 673572 EulerOS Security Update for systemd (EulerOS-SA-2023-3162)
  • 753068 SUSE Enterprise Linux Security Update for systemd (SUSE-SU-2022:4627-1)
  • 753071 SUSE Enterprise Linux Security Update for systemd (SUSE-SU-2022:4630-1)
  • 753074 SUSE Enterprise Linux Security Update for systemd (SUSE-SU-2022:4629-1)
  • 753497 SUSE Enterprise Linux Security Update for systemd (SUSE-SU-2023:0058-1)
  • 753598 SUSE Enterprise Linux Security Update for systemd (SUSE-SU-2023:0201-1)
  • 753894 SUSE Enterprise Linux Security Update for systemd (SUSE-SU-2023:1776-1)
  • 905224 Common Base Linux Mariner (CBL-Mariner) Security Update for systemd-bootstrap (12971)
  • 905237 Common Base Linux Mariner (CBL-Mariner) Security Update for systemd (12970)
  • 905247 Common Base Linux Mariner (CBL-Mariner) Security Update for systemd (12983)
  • 905408 Common Base Linux Mariner (CBL-Mariner) Security Update for systemd (12970-1)
  • 906638 Common Base Linux Mariner (CBL-Mariner) Security Update for systemd-bootstrap (12971-3)
  • 940929 AlmaLinux Security Update for systemd (ALSA-2023:0837)
  • 940944 AlmaLinux Security Update for systemd (ALSA-2023:0954)
  • 960658 Rocky Linux Security Update for systemd (RLSA-2023:0837)
  • 960907 Rocky Linux Security Update for systemd (RLSA-2023:0954)
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report