CVE & CISA-KEV Catalog

CVE-2022-45873

MEDIUM
5.5
CVSS v3
NVD

Description

systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file.

How to fix

Remediation Available
systemdDebian
Fixed in:252-1CVE-2022-45873
Fixed in:252-1CVE-2022-45873
Fixed in:252-1CVE-2022-45873
systemdUbuntu
Fixed in:204-5ubuntu20.31+esm2USN-5928-1
Fixed in:229-4ubuntu21.31+esm3USN-5928-1
Fixed in:237-3ubuntu10.57USN-5928-1
Fixed in:245.4-4ubuntu3.20USN-5928-1
Fixed in:249.11-0ubuntu3.7USN-5928-1
Fixed in:251.4-1ubuntu7.1USN-5928-1

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityNone
IntegrityNone
AvailabilityHigh

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploit Intelligence

0.25%probability of exploitation in 30 days
17thpercentile

Low risk: more likely to be exploited than 17% of all known CVEs.

References

Related Vulnerabilities

Other CWE-400 (Resource Exhaustion) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2023-44487High7.5100%KEVFix
CVE-2021-44228Critical10.0100%KEV + RansomFix
CVE-2011-3192High7.899%-Fix
CVE-2019-11478Medium5.395%-Fix
CVE-2024-25617Medium5.389%-Fix
CVE-2018-1000115High7.589%-Fix
Embed a live status badge for CVE-2022-45873
CVE-2022-45873 severity badge

Markdown

[![CVE-2022-45873](https://tridentstack.com/cve/badge/CVE-2022-45873.svg)](https://tridentstack.com/cve/CVE-2022-45873)

HTML

<a href="https://tridentstack.com/cve/CVE-2022-45873"><img src="https://tridentstack.com/cve/badge/CVE-2022-45873.svg" alt="CVE-2022-45873"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2025-04-25.