Systemd Systemd
11 CVEs affecting Systemd Systemd. Latest disclosed: 2026-04-10. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2018-15688 | High | 8.8 | 2018-10-26 | A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases… |
CVE-2018-15687 | High | 7.8 | 2018-10-26 | A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd v… |
CVE-2018-15686 | High | 7.0 | 2018-10-26 | A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to i… |
CVE-2026-40224 | Medium | 6.7 | 2026-04-10 | In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace. |
CVE-2026-40226 | Medium | 6.4 | 2026-04-10 | In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file. |
CVE-2026-40225 | Medium | 6.4 | 2026-04-10 | In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output. |
CVE-2026-40227 | Medium | 6.2 | 2026-04-10 | In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element. |
CVE-2026-29111 | Medium | 5.5 | 2026-03-23 | systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version… |
CVE-2026-40223 | Medium | 4.7 | 2026-04-10 | In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User=<unset> unit exists and is running. |
CVE-2026-40228 | Low | 2.9 | 2026-04-10 | In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is executed, if ForwardToW… |
CVE-2012-1101 | | 2020-03-11 | systemd 37-1 does not properly handle non-existent services, which causes a denial of service (failure of login procedure). |