fix: CVE-2026-29111 varlink null element check#38
Conversation
CVE-2026-29111: Local unprivileged user can trigger an assert in systemd When an unprivileged IPC API call is made with spurious data containing null elements in arrays/maps, systemd (as PID 1) hits an assert and freezes execution. This fix adds a null check in varlink_idl_validate_field_element_type() to gracefully reject such malformed data instead of triggering an assertion. Upstream: systemd/systemd@6f30740 Signed-off-by: deepin-ci-robot <packages@deepin.org>
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
TAG Bot TAG: 255.2-4deepin25 |
|
TAG Bot New tag: 255.2-4deepin28 |
|
TAG Bot New tag: 255.2-4deepin29 |
|
TAG Bot New tag: 255.2-4deepin30 |
|
TAG Bot New tag: 255.2-4deepin32 |
|
TAG Bot New tag: 255.2-4deepin33 |
|
TAG Bot New tag: 255.2-4deepin34 |
|
TAG Bot New tag: 255.2-4deepin35 |
|
TAG Bot New tag: 255.2-4deepin36 |
2 participants
CVE-2026-29111 修复
漏洞描述
CVE-2026-29111: Local unprivileged user can trigger an assert in systemd
当非特权用户通过 varlink IPC API 发送包含 null 元素的数组/映射数据时,systemd (作为 PID 1) 会触发断言并冻结执行。
修复内容
在
varlink_idl_validate_field_element_type()函数中添加 null 检查,优雅地拒绝包含 null 元素的数据,而不是触发断言。上游修复
测试
影响范围
src/shared/varlink-idl.c(通过 debian 补丁)debian/patches/fix-CVE-2026-29111-varlink-null-check.patchGenerated by CVE-Fixer