This issue affects the versions of systemd as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Important because it allows a local attacker to crash systemd-journald or escalate his privileges. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
CVSS v3 metrics
| CVSS3 Base Score | 7.4 |
| CVSS3 Base Metrics | CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Red Hat Security Errata
| Red Hat Enterprise Linux 7 (systemd) | RHSA-2019:0049 | 2019-01-14 |
| Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts (rhvm-appliance) | RHSA-2019:0361 | 2019-02-18 |
| Red Hat Enterprise Linux Extended Update Support 7.4 (systemd) | RHSA-2019:0271 | 2019-02-04 |
| Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts (redhat-virtualization-host) | RHSA-2019:0342 | 2019-02-13 |
| Red Hat Enterprise Linux Extended Update Support 7.5 (systemd) | RHSA-2019:0204 | 2019-01-29 |
Affected Packages State
| Red Hat Enterprise Linux 8 | systemd | Not affected |
Acknowledgements
Red Hat would like to thank Qualys Research Labs for reporting this issue.
To increase the time an attacker needs to exploit this flaw, you can override the `StartLimitInterval=` (called `StartLimitIntervalSec=` in newer systemd versions) and `StartLimitBurst=` settings. With these overridden, the attack may take much longer to succeed.
To edit the journald service use `sudo systemctl edit systemd-journald.service` and add:
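Once an override is in place, its effect can be checked. The shell function below is an added example, not part of Red Hat's advisory: it reads unit-file text such as the output of `systemctl cat systemd-journald.service` and reports the last-assigned start limit together with the rough number of starts per hour it permits. The function names and the sample drop-in values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): report the start rate limit in unit-file text.
# Input on stdin: KEY=VALUE unit settings, e.g. `systemctl cat systemd-journald.service`.
# Later assignments override earlier ones, so a drop-in listed last wins.
start_limit_summary() {
    awk -F= '
        # Seconds from a bare number or an s/min/h suffix; -1 for other formats.
        function to_sec(v) {
            if (v ~ /^[0-9]+h$/)   return (v + 0) * 3600
            if (v ~ /^[0-9]+min$/) return (v + 0) * 60
            if (v ~ /^[0-9]+s?$/)  return v + 0
            return -1
        }
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        { key = $1; val = $2; gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val) }
        # Older systemd spells the interval StartLimitInterval=, newer StartLimitIntervalSec=.
        key == "StartLimitInterval" || key == "StartLimitIntervalSec" {
            seen_i = (val != ""); interval = to_sec(val)
        }
        key == "StartLimitBurst" { seen_b = (val != ""); burst = val + 0 }
        END {
            # Missing, emptied or unsupported values are reported as unset.
            if (!seen_i || !seen_b || interval < 0) { print "unset"; exit 1 }
            if (interval == 0) {                     # 0 disables rate limiting
                print "interval_s=0 burst=" burst " per_hour=unlimited"; exit 0
            }
            printf "interval_s=%d burst=%d per_hour=%d\n",
                   interval, burst, int(burst * 3600 / interval)
        }'
}

# Constructed sample: a unit file followed by a drop-in, in `systemctl cat` order.
sample_units() {
    cat <<'EOF'
# /usr/lib/systemd/system/systemd-journald.service (constructed excerpt)
[Service]
Restart=always
# /etc/systemd/system/systemd-journald.service.d/override.conf (constructed values)
[Service]
StartLimitInterval=10min
StartLimitBurst=2
EOF
}

sample_units | start_limit_summary   # interval_s=600 burst=2 per_hour=12
```

An `unset` result means the text carries no usable start limit of its own, in which case the manager-wide defaults apply.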