DEBIAN-CVE-2018-15686

DEBIAN-CVE-2018-15686 PUBLISHED CVSS 7.800000190734863 HIGH

A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.

Risk Scores

CVSS 3.1

7.800000190734863

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Debian:13	systemd	0, 0, 0
Debian:14	systemd	0, 0, 0
Debian:12	systemd	0, 0, 0
Debian:11	systemd	0, 0, 0

Exploit Intelligence

Remediation task for CVE-2018-15686, CVE-2018-16866, and CVE-2018-16888 affecting SystemD in EL7 (github-poc-repo)
Remediation task for CVE-2018-15686, CVE-2018-16866, and CVE-2018-16888 affecting SystemD in EL7 (github-poc)
glcve_test.go (github-poc)

Timeline

Oct 26, 2018 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2018-15686 advisory

Open in Interactive Console →