Wind River Support Network

HomeDefectsLIN10-7424
Fixed

LIN10-7424 : Security Advisory - dbus - CVE-2020-12049

Created: Jun 8, 2020    Updated: Jul 2, 2020
Resolved Date: Jun 23, 2020
Found In Version: 10.17.41.1
Fix Version: 10.17.41.21
Severity: Standard
Applicable for: Wind River Linux LTS 17
Component/s: Userspace

Description

An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients.

CREATE(Triage):(User=admin) [CVE-2020-12049|https://nvd.nist.gov/vuln/detail/CVE-2020-12049]

CVEs


Live chat
Online