CVE-2022-4415

Publication date 11 January 2023

Last updated 25 August 2025

Ubuntu priority

Cvss 3 Severity Score

Description

A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
systemd	22.10 kinetic	Fixed 251.4-1ubuntu7.1
	22.04 LTS jammy	Fixed 249.11-0ubuntu3.7
	20.04 LTS focal	Fixed 245.4-4ubuntu3.20
	18.04 LTS bionic	Ignored end of standard support
	16.04 LTS xenial	Ignored end of standard support
	14.04 LTS trusty	Not affected

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
systemd	Upstream: 9b75a3d Upstream: efca528 Upstream: 1d5e0e9 Upstream: 8215e15 Upstream: 786df41 Upstream: bb47600

Severity score breakdown

Parameter	Value
Base score	5.5 · Medium
Attack vector	Local
Attack complexity	Low
Privileges required	Low
User interaction	None
Scope	Unchanged
Confidentiality	High
Integrity impact	None
Availability impact	None
Vector	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References

Related Ubuntu Security Notices (USN)

USN-5928-1
systemd vulnerabilities
7 March 2023