CVE-2026-29111

216.73.217.22

· Published 23/03/2026 22:16 · Modified 24/03/2026 15:53

Labels: CVE-2026-29111 2026-03-23 CVE-2026-29111 CWE-269 [email protected]

Essential information

Published: 23/03/2026 22:16
Modified: 24/03/2026 15:53
Author: —
Creator: —
CVSS: 5.5 MEDIUM (v3.1)
CISA KEV: No
CWE: —
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS metrics

Description

systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this is not possible as the safety check causes an assert instead. This IPC call was added in v239, so versions older than that are not affected. Versions 260-rc1, 259.2, 258.5, and 257.11 contain patches. No known workarounds are available.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
systemd / systemd	`cpe:2.3:a:systemd:systemd:<=249:::::::*`
systemd / systemd	`cpe:2.3:a:systemd:systemd:260-rc1:::::::*`
systemd / systemd	`cpe:2.3:a:systemd:systemd:259.2:::::::*`
systemd / systemd	`cpe:2.3:a:systemd:systemd:258.5:::::::*`
systemd / systemd	`cpe:2.3:a:systemd:systemd:257.11:::::::*`