Alerts This Week
Warning Icon 1 609
Alerts This Week
Warning Icon 1 609

openSUSE Systemd Important Access Control Issues Vulnerability 2026-1061-1

suse
Calendar Grey March 26, 2026
Dist Suse Esm H88
Two vulnerabilities in systemd fixed with this important update for openSUSE, requiring prompt installation for security.
An update that solves two vulnerabilities and has one security fix can now be installed.

Summary

## This update for systemd fixes the following issues: * CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method (bsc#1259650). * CVE-2026-29111: local unprivileged user can trigger an assert in systemd (bsc#1259418). * udev: check for invalid chars in various fields received from the kernel (bsc#1259697). Changelog: * 6a38d88a42 machined: reject invalid class types when registering machines * 8c9a592e5a udev: fix review mixup * b57007a917 udev-builtin-net-id: print cescaped bad attributes * ee23c7604b udev-builtin-net_id: do not assume the current interface name is ethX * 0f63e799e6 udev: ensure tag parsing stays within bounds * 046f52ec12 udev: ensure there is space for trailing NUL before calling sprintf

Topics%20covered

Topics Covered

security advisory privilege escalation access control important OpenSUSE systemd

References

* bsc#1259418

* bsc#1259650

* bsc#1259697

Cross-

* CVE-2026-29111

* CVE-2026-4105

CVSS scores:

* CVE-2026-29111 ( SUSE ): 6.8

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2026-29111 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2026-29111 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2026-4105 ( SUSE ): 7.3

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2026-4105 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2026-4105 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4

* SUSE Linux Enterprise High Performance Computing 15 SP4

* SUSE Linux Enterprise High Performance Computing 15 SP5

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:1061-1
Release Date: 2026-03-26T10:36:03Z
Rating: important

Topics%20covered

Topics Covered

security advisory privilege escalation access control important OpenSUSE systemd

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here