DEBIAN-CVE-2019-3844

DEBIAN-CVE-2019-3844 PUBLISHED CVSS 7.800000190734863 HIGH

It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.

Risk Scores

CVSS 3.1

7.800000190734863

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Debian:13	systemd	0, 0, 0
Debian:12	systemd	0, 0, 0
Debian:14	systemd	0, 0, 0
Debian:11	systemd	0, 0, 0

Exploit Intelligence

glcve_test.go (github-poc)

Timeline

Apr 26, 2019 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2019-3844 advisory

Open in Interactive Console →