{
  "threat_severity" : "Important",
  "public_date" : "2020-02-05T09:00:00Z",
  "bugzilla" : {
    "description" : "systemd: use-after-free when asynchronous polkit queries are performed",
    "id" : "1794578",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1794578"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.8",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-416",
  "details" : [ "A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.", "A heap use-after-free vulnerability was found in systemd, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages." ],
  "statement" : "This issue did not affect the versions of systemd as shipped with Red Hat Enterprise Linux 7 as there is no service that performs asynchronous polkit requests in a vulnerable way.\nThe version of systemd delivered in OpenShift Container Platform 4.1 and included in CoreOS images has been superseded by the version delivered in Red Hat Enterprise Linux 8. CoreOS updates for systemd in will be consumed from Red Hat Enterprise Linux 8 channels.",
  "acknowledgement" : "Red Hat would like to thank Tavis Ormandy (Google Project Zero) for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2020-02-24T00:00:00Z",
    "advisory" : "RHSA-2020:0575",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "systemd-0:239-18.el8_1.4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions",
    "release_date" : "2020-02-20T00:00:00Z",
    "advisory" : "RHSA-2020:0564",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.0",
    "package" : "systemd-0:239-13.el8_0.7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "systemd",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "systemd",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Not affected",
    "package_name" : "systemd",
    "cpe" : "cpe:/a:redhat:openshift:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-1712\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-1712" ],
  "name" : "CVE-2020-1712",
  "csaw" : false
}