wid-sec-w-2026-0831  ·  Published 2026-03-23  ·  View on BSI CERT-Bund ↗

systemd: Multiple Vulnerabilities

CVSS 5.5 MEDIUM

Risk Summary

systemd, a system and service manager, hits an assert and freezes execution (as PID 1) when an unprivileged IPC API call is made with spurious data. On v249 and older, the effect is not an assert but a stack overwrite with attacker-controlled content. From v250 onward this is not possible, because the safety check causes an assert instead. The IPC call was added in v239, so versions older than that are not affected. Versions 260-rc1, 259.2, 258.5, and 257.11 contain patches. No known workarounds are available.
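For triage, the version ranges in the Risk Summary can be turned into a check. The script below is an added example, not part of the advisory or of systemd; its function names and result labels are made up for illustration. It assumes that every release from 260-rc1 onward is patched and that branches without a listed fix (for example 250 to 256) remain affected.

```sh
#!/bin/sh
# Added example (not from the advisory): classify a systemd version string
# against the ranges stated in the Risk Summary.
# Distribution packages may carry a backported fix without a version bump,
# so a "vulnerable-*" result means: check the vendor's own advisory.

# Fixed point release per stable branch, as listed in the Risk Summary.
fixed_point_release() {
  case "$1" in
    257) echo 11 ;;
    258) echo 5 ;;
    259) echo 2 ;;
  esac
}

# Accepts upstream or package-style strings: "249", "258.4",
# "257.11-1.fc42", "260~rc1".
classify_systemd() (
  v=$1
  major=${v%%[!0-9]*}            # leading digits = major version
  rest=${v#"$major"}
  minor=0
  case "$rest" in
    .[0-9]*) minor=${rest#.}; minor=${minor%%[!0-9]*} ;;
  esac
  fix=$(fixed_point_release "$major")
  if [ -z "$major" ]; then
    echo unknown
  elif [ "$major" -lt 239 ]; then
    echo not-affected            # IPC call was added in v239
  elif [ "$major" -ge 260 ]; then
    echo patched                 # assumption: 260-rc1 and everything after
  elif [ -n "$fix" ] && [ "$minor" -ge "$fix" ]; then
    echo patched
  elif [ "$major" -le 249 ]; then
    echo vulnerable-stack-overwrite
  else
    echo vulnerable-assert-freeze # includes branches with no listed fix
  fi
)

# Assumption: first line of `systemctl --version` looks like
# "systemd 257 (257.11-1.fc42)"; the parenthesised part is the full version.
local_systemd_version() {
  systemctl --version | sed -n '1s/^systemd [0-9]* (\([^)]*\)).*/\1/p'
}

if [ "${1:-}" = "--local" ]; then
  classify_systemd "$(local_systemd_version)"
fi
```

Run with `--local` to classify the host it runs on, or source it and pass version strings from an inventory to `classify_systemd`.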

CVEs (1)

Affected Vendors

Open Source · SUSE

Affected Products (18)

Open Source · systemd <260
Open Source · systemd 260
Open Source · systemd <260.1
Open Source · systemd 260.1
Open Source · systemd <261
Open Source · systemd 261
Open Source · systemd <259.2
Open Source · systemd 259.2
Open Source · systemd <258.5
Open Source · systemd 258.5
Open Source · systemd <258.7
Open Source · systemd 258.7
Open Source · systemd <259.5
Open Source · systemd 259.5
Open Source · systemd <257.11
Open Source · systemd 257.11
Open Source · systemd <257.13
Open Source · systemd 257.13
