Fluid Attacks Database

Description

In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	systemd	=257.13-1~deb13u1 \|\| =257.7-1 \|\| =257.8-1~deb13u1 \|\| =257.8-1~deb13u2 \|\| =257.9-1~deb13u1 \|\| =258-1 \|\| =258.1-1 \|\| =258.1-2 \|\| =258~rc1-1 \|\| =258~rc2-1 \|\| =258~rc2-2 \|\| =258~rc3-1 \|\| =258~rc4-1 \|\| =259-1 \|\| =259.1-1 \|\| =259~rc1-1 \|\| =259~rc2-1 \|\| =259~rc3-1 \|\| =260~rc1-1 \|\| =260~rc1-2 \|\| =260~rc2-1 \|\| >=0 <260~rc3-1	260~rc3-1
debian 11	systemd	=247.3-6 \|\| =247.3-7 \|\| =247.3-7+deb11u1 \|\| =247.3-7+deb11u2 \|\| =247.3-7+deb11u3 \|\| =247.3-7+deb11u4 \|\| =247.3-7+deb11u5 \|\| =247.3-7+deb11u6 \|\| =247.3-7+deb11u7 \|\| >=0 <247.3-7+deb11u8	247.3-7+deb11u8
debian 12	systemd	=252.11-1 \|\| =252.11-1~deb12u1 \|\| =252.12-1~deb12u1 \|\| =252.14-1~deb12u1 \|\| =252.16-1~deb12u1 \|\| =252.17-1~deb12u1 \|\| =252.18-1~deb12u1 \|\| =252.19-1~deb12u1 \|\| =252.20-1~deb12u1 \|\| =252.21-1~deb12u1 \|\| =252.22-1~deb12u1 \|\| =252.23-1~deb12u1 \|\| =252.24-1~deb12u1 \|\| =252.25-1~deb12u1 \|\| =252.26-1~deb12u1 \|\| =252.26-1~deb12u2 \|\| =252.26-1~deb12u2~bpo11+1 \|\| =252.27-1~deb12u1 \|\| =252.28-1~deb12u1 \|\| =252.29-1~deb12u1 \|\| =252.29-1~deb12u1~bpo11+1 \|\| =252.30-1~deb12u1 \|\| =252.30-1~deb12u2 \|\| =252.31-1~deb12u1 \|\| =252.32-1~deb12u1 \|\| =252.33-1~deb12u1 \|\| =252.36-1~deb12u1 \|\| =252.38-1~deb12u1 \|\| =252.39-1~deb12u1 \|\| =252.6-1 \|\| =252.6-1+loong64 \|\| >=0 <252.39-1~deb12u2	252.39-1~deb12u2
debian 13	systemd	=257.7-1 \|\| =257.8-1~deb13u1 \|\| =257.8-1~deb13u2 \|\| =257.9-1~deb13u1 \|\| >=0 <257.13-1~deb13u1	257.13-1~deb13u1

Aliases

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.