
Debian 11 systemd Critical Improper Access Control Exploit DLA-4533-1

Debian LTS
April 15, 2026
Critical advisory for Debian LTS addressing improper access control vulnerabilities in systemd. Immediate action is required.
The following vulnerabilities have been discovered in systemd:

Summary

CVE-2026-4105

The systemd-machined service contains an Improper Access Control
vulnerability due to insufficient validation of the class parameter in
the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged
user can exploit this by attempting to register a machine with a
specific class value, which may leave behind a usable,
attacker-controlled machine object. This allows the attacker to invoke
methods on the privileged object, leading to the execution of
arbitrary commands with root privileges on the host system.

CVE-2026-29111

When an unprivileged IPC API call is made with spurious data, a stack
overwrite occurs with attacker-controlled content.

CVE-2026-40225

udev: local root execution can occur via malicious hardware devices
and unsanitized kernel output.

CVE-2026-40226

nspawn: an escape-to-host action can occur via a crafted optional
config file.

For Debian 11 bullseye, these problems have been fixed in version
247.3-7+deb11u8.


Severity: critical

Package: systemd
Version: 247.3-7+deb11u8
CVE ID: CVE-2026-4105 CVE-2026-29111 CVE-2026-40225 CVE-2026-40226
Debian Bug:
