CVE-2022-45873: n/a in n/a

Medium
Tags: Vulnerability, CVE-2022-45873, cve, cve-2022-45873, n-a, cwe-400
Published: Wed Nov 23 2022 (11/23/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file.

AI-Powered Analysis

Last updated: 06/24/2025, 15:05:45 UTC

Technical Analysis

CVE-2022-45873 is a medium-severity vulnerability affecting systemd versions 250 and 251. The flaw resides in the systemd-coredump component, specifically in the parse_elf_object function in shared/elf-util.c. It allows a local user to induce a deadlock in systemd-coredump by triggering a crash that generates an excessively large backtrace. The technique is to crash a binary that calls the same function recursively and to place that binary in a deeply nested directory, which inflates the backtrace. When the systemd-coredump.socket file has MaxConnections=16 set, the crash must be triggered 16 times to cause the deadlock. The deadlock halts the systemd-coredump service, potentially impacting system stability and availability.

The vulnerability is classified under CWE-400 (Uncontrolled Resource Consumption), indicating that the attack exploits resource exhaustion to cause a denial of service. The CVSS v3.1 base score is 5.5 (medium), with the vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H: the attack requires local access and low privileges, has low complexity, needs no user interaction, and has a high impact on availability without affecting confidentiality or integrity.

No known exploits in the wild have been reported, and no official patches or vendor information are provided in the data. Exploitation is limited to local users and takes 16 crashes when MaxConnections=16 is set, which somewhat constrains its practical impact but still poses a risk to affected systems running vulnerable systemd versions.

Potential Impact

For European organizations, the primary impact of CVE-2022-45873 is a denial-of-service condition on systems running systemd versions 250 or 251, which are common in many Linux distributions used across Europe. The deadlock in systemd-coredump can lead to system instability or unavailability of core dump services, which are critical for post-crash diagnostics and recovery. This can delay incident response and troubleshooting efforts, potentially increasing downtime. While the vulnerability does not compromise confidentiality or integrity, the availability impact can affect critical infrastructure, enterprise servers, and development environments relying on systemd for process and service management. Organizations with strict uptime requirements, such as financial institutions, healthcare providers, and industrial control systems, may face operational disruptions. Since exploitation requires local access and specific configuration parameters, the threat is more relevant to environments where untrusted local users or compromised accounts exist. The lack of known exploits reduces immediate risk, but the vulnerability could be leveraged in multi-stage attacks or insider threat scenarios. European entities with extensive Linux deployments should consider this vulnerability in their risk assessments, especially those using distributions that shipped systemd 250 or 251 without backported fixes.

Mitigation Recommendations

To mitigate CVE-2022-45873, European organizations should:

1) Identify and inventory all Linux systems running systemd versions 250 or 251.
2) Apply vendor patches or updates as soon as they become available; if no official patch exists, consider upgrading to later systemd versions where the issue is resolved.
3) Review and adjust the MaxConnections setting in systemd-coredump.socket to a lower value than 16 or to a default that limits simultaneous connections, reducing the attack surface.
4) Restrict local user permissions to prevent untrusted users from triggering recursive crashes or placing binaries in deeply nested directories.
5) Implement monitoring for unusual systemd-coredump activity or repeated crashes that could indicate exploitation attempts.
6) Harden local access controls and audit user activities to detect potential misuse.
7) For critical systems, consider isolating or sandboxing processes that could be targeted to prevent cascading effects.
8) Educate system administrators about this vulnerability and the importance of maintaining updated systemd versions and secure configurations.
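
The inventory and monitoring steps (1 and 5) can be scripted per host. The following is an added example, not code from the original page or from the systemd project: it reports whether the systemd major version falls in the range the page names and whether systemd-coredump.socket has every connection slot in use. The function names and the "saturated" heuristic are assumptions of this example, and because distributions may backport fixes, a version match means "check the vendor advisory" rather than "confirmed vulnerable".

```shell
#!/bin/sh
# Added example: per-host triage for CVE-2022-45873.
# The parsing functions read command output on stdin, so they can be
# exercised offline with constructed input.

# Major version from the first line of `systemctl --version`,
# e.g. "systemd 251 (251.4-1ubuntu7)" -> 251
systemd_major() {
    sed -n '1s/^systemd \([0-9][0-9]*\).*/\1/p'
}

# The page names 250 and 251 as affected. Backported fixes are not
# visible in the major version, so treat a match as a prompt to verify.
version_in_range() {
    case "$1" in
        250|251) return 0 ;;
        *)       return 1 ;;
    esac
}

# Reads KEY=VALUE lines as printed by
#   systemctl show systemd-coredump.socket -p MaxConnections -p NConnections
# and reports whether every connection slot is occupied. A socket that
# stays saturated is the condition worth alerting on (heuristic).
socket_state() {
    awk -F= '
        $1 == "MaxConnections" { max = $2 }
        $1 == "NConnections"   { cur = $2 }
        END {
            if (max == "" || cur == "") { print "unknown"; exit }
            if (max + 0 > 0 && cur + 0 >= max + 0) { print "saturated " cur "/" max }
            else { print "ok " cur "/" max }
        }'
}

# Query the live host and print a one-line summary.
check_host() {
    major=$(systemctl --version | systemd_major)
    state=$(systemctl show systemd-coredump.socket \
                -p MaxConnections -p NConnections | socket_state)
    if version_in_range "$major"; then range="in-affected-range"
    else range="outside-affected-range"; fi
    echo "systemd=$major ($range) coredump-socket=$state"
}

# Only touch the live system when invoked as: ./check.sh live
if [ "${1:-}" = "live" ]; then check_host; fi
```

Run it with the `live` argument from a scheduled job and alert when the socket reports `saturated` on consecutive runs; a single saturated reading can also occur during an ordinary burst of crashes.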

Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2022-11-23T00:00:00.000Z
Cisa Enriched: true

Threat ID: 682d983ec4522896dcbeffbd

Added to database: 5/21/2025, 9:09:18 AM

Last enriched: 6/24/2025, 3:05:45 PM

Last updated: 8/15/2025, 1:38:17 AM
