5.5 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): NONE
- Availability impact (A): HIGH
systemd: Local unprivileged user can trigger an assert
systemd, a system and service manager, hits an assert and freezes execution (as PID 1) when an unprivileged IPC API call is made with spurious data. On v249 and older, the effect is not an assert but a stack overwrite with attacker-controlled content. From v250 onward this is not possible, because the safety check triggers an assert instead. The IPC call was added in v239, so versions older than that are not affected. Versions 260-rc1, 259.2, 258.5, and 257.11 contain patches. No known workarounds are available.
References
- https://github.com/systemd/systemd/security/advisories/GHSA-gx6q-6f99-m764 x_refsource_CONFIRM
- https://github.com/systemd/systemd/commit/1d22f706bd04f45f8422e17fbde3f56ece17758a x_refsource_MISC
- https://github.com/systemd/systemd/commit/20021e7686426052e3a7505425d7e12085feb2a6 x_refsource_MISC
- https://github.com/systemd/systemd/commit/21167006574d6b83813c7596759b474f56562412 x_refsource_MISC
- https://github.com/systemd/systemd/commit/3cee294fe8cf4fa0eff933ab21416d099942cabd x_refsource_MISC
- https://github.com/systemd/systemd/commit/42aee39107fbdd7db1ccd402a2151822b2805e9f x_refsource_MISC
- https://github.com/systemd/systemd/commit/54588d2dedff54bfb6036670820650e4ea74628f x_refsource_MISC
- https://github.com/systemd/systemd/commit/7ac3220213690e8a8d6d2a6e81e43bd1dce01d69 x_refsource_MISC
- https://github.com/systemd/systemd/commit/80acea4ef80a4bb78560ed970c34952299b890d6 x_refsource_MISC
- https://github.com/systemd/systemd/commit/b5fd14693057e5f2c9b4a49603be64ec3608ff6c x_refsource_MISC
- https://github.com/systemd/systemd/commit/efa6ba2ab625aaa160ac435a09e6482fc63bdbe8 x_refsource_MISC
Affected products
- >= 259, < 259.2
- >= 239, < 257.11
- >= 258, < 258.5
Matching in nixpkgs
pkgs.udev
System and service manager for Linux
pkgs.systemd
System and service manager for Linux
pkgs.systemd-lsp
Language server implementation for systemd unit files made in Rust
- nixos-unstable 2026.01.06
- nixpkgs-unstable 2026.01.06
- nixos-unstable-small 2026.01.06
- nixos-25.11 2025.10.16
- nixos-25.11-small 2025.10.16
- nixpkgs-25.11-darwin 2025.10.16
pkgs.systemdLibs
System and service manager for Linux
pkgs.rofi-systemd
Control your systemd units using rofi
pkgs.systemd-wait
Wait for a systemd unit to enter a specific state
- nixos-unstable 0.1+2018-10-05
- nixpkgs-unstable 0.1+2018-10-05
- nixos-unstable-small 0.1+2018-10-05
- nixos-25.11 0.1+2018-10-05
- nixos-25.11-small 0.1+2018-10-05
- nixpkgs-25.11-darwin 0.1+2018-10-05
pkgs.systemdUkify
System and service manager for Linux
pkgs.systemdgenie
Systemd management utility
- nixos-unstable 0.99.0-unstable-2026-03-07
- nixpkgs-unstable 0.99.0-unstable-2026-03-07
- nixos-unstable-small 0.99.0-unstable-2026-03-07
- nixos-25.11 0.99.0-unstable-2025-10-11
- nixos-25.11-small 0.99.0-unstable-2025-10-11
- nixpkgs-25.11-darwin 0.99.0-unstable-2025-10-11
pkgs.systemdMinimal
System and service manager for Linux
pkgs.systemd-netlogd
Forwards messages from the journal to other hosts over the network
pkgs.systemd-bootchart
Boot performance graphing tool from systemd
pkgs.systemd-credsubst
envsubst for systemd credentials
pkgs.systemd-manager-tui
Program for managing systemd services through a TUI
pkgs.systemd-journal2gelf
Export entries from systemd's journal and send them to a graylog server using gelf
- nixos-unstable 0-unstable-2023-03-10
- nixpkgs-unstable 0-unstable-2023-03-10
- nixos-unstable-small 0-unstable-2023-03-10
- nixos-25.11 0-unstable-2023-03-10
- nixos-25.11-small 0-unstable-2023-03-10
- nixpkgs-25.11-darwin 0-unstable-2023-03-10
pkgs.systemd-lock-handler
Translates systemd-system lock/sleep signals into systemd-user target activations
pkgs.ocamlPackages.systemd
OCaml module for native access to the systemd facilities
pkgs.phpExtensions.systemd
PHP extension allowing native interaction with systemd and its journal
- nixos-unstable 0.1.2-unstable-2018-06-11
- nixpkgs-unstable 0.1.2-unstable-2018-06-11
- nixos-unstable-small 0.1.2-unstable-2018-06-11
- nixos-25.11 0.1.2-unstable-2018-06-11
- nixos-25.11-small 0.1.2-unstable-2018-06-11
- nixpkgs-25.11-darwin 0.1.2-unstable-2018-06-11
pkgs.haskellPackages.systemd
Systemd facilities (Socket activation, Notify)
pkgs.php82Extensions.systemd
PHP extension allowing native interaction with systemd and its journal
- nixos-unstable 0.1.2-unstable-2018-06-11
- nixpkgs-unstable 0.1.2-unstable-2018-06-11
- nixos-unstable-small 0.1.2-unstable-2018-06-11
- nixos-25.11 0.1.2-unstable-2018-06-11
- nixos-25.11-small 0.1.2-unstable-2018-06-11
- nixpkgs-25.11-darwin 0.1.2-unstable-2018-06-11
pkgs.php83Extensions.systemd
PHP extension allowing native interaction with systemd and its journal
- nixos-unstable 0.1.2-unstable-2018-06-11
- nixpkgs-unstable 0.1.2-unstable-2018-06-11
- nixos-unstable-small 0.1.2-unstable-2018-06-11
- nixos-25.11 0.1.2-unstable-2018-06-11
- nixos-25.11-small 0.1.2-unstable-2018-06-11
- nixpkgs-25.11-darwin 0.1.2-unstable-2018-06-11
pkgs.php84Extensions.systemd
PHP extension allowing native interaction with systemd and its journal
- nixos-unstable 0.1.2-unstable-2018-06-11
- nixpkgs-unstable 0.1.2-unstable-2018-06-11
- nixos-unstable-small 0.1.2-unstable-2018-06-11
- nixos-25.11 0.1.2-unstable-2018-06-11
- nixos-25.11-small 0.1.2-unstable-2018-06-11
- nixpkgs-25.11-darwin 0.1.2-unstable-2018-06-11
pkgs.php85Extensions.systemd
PHP extension allowing native interaction with systemd and its journal
- nixos-unstable 0.1.2-unstable-2018-06-11
- nixpkgs-unstable 0.1.2-unstable-2018-06-11
- nixos-unstable-small 0.1.2-unstable-2018-06-11
- nixos-25.11 0.1.2-unstable-2018-06-11
- nixos-25.11-small 0.1.2-unstable-2018-06-11
- nixpkgs-25.11-darwin 0.1.2-unstable-2018-06-11
pkgs.systemd-language-server
Language Server for Systemd unit files
pkgs.update-systemd-resolved
Helper script for OpenVPN to directly update the DNS settings of a link through systemd-resolved via DBus
pkgs.python312Packages.systemd
Python module for native access to the systemd facilities
pkgs.python313Packages.systemd
Python module for native access to the systemd facilities
pkgs.haskellPackages.systemd-api
systemd bindings
pkgs.nagiosPlugins.check_systemd
Nagios / Icinga monitoring plugin to check systemd for failed units
pkgs.prometheus-systemd-exporter
Exporter for systemd unit metrics
pkgs.haskellPackages.warp-systemd
Socket activation and other systemd integration for the Warp web server (WAI)
pkgs.ocamlPackages_latest.systemd
OCaml module for native access to the systemd facilities
pkgs.gnomeExtensions.systemd-status
Show systemd system state
pkgs.gnomeExtensions.systemd-manager
GNOME Shell extension to manage systemd services
pkgs.python312Packages.systemd-python
Python module for native access to the systemd facilities
pkgs.python313Packages.systemd-python
Python module for native access to the systemd facilities
pkgs.python314Packages.systemd-python
Python module for native access to the systemd facilities
pkgs.haskellPackages.libsystemd-journal
Haskell bindings to libsystemd-journal
pkgs.python312Packages.systemdunitparser
SystemdUnitParser is an extension to Python's configparser.RawConfigParser to properly parse systemd unit files
pkgs.python313Packages.systemdunitparser
SystemdUnitParser is an extension to Python's configparser.RawConfigParser to properly parse systemd unit files
pkgs.python314Packages.systemdunitparser
SystemdUnitParser is an extension to Python's configparser.RawConfigParser to properly parse systemd unit files
pkgs.python312Packages.jupyterhub-systemdspawner
JupyterHub Spawner using systemd for resource isolation
pkgs.python313Packages.jupyterhub-systemdspawner
JupyterHub Spawner using systemd for resource isolation
pkgs.python314Packages.jupyterhub-systemdspawner
JupyterHub Spawner using systemd for resource isolation
pkgs.gnomeExtensions.systemd-offline-update-indicator
Show an indicator for pending systemd offline updates.
pkgs.tests.pkg-config.defaultPkgConfigPackages.libudev
Test whether systemd-257.10 exposes pkg-config modules libudev
pkgs.tests.pkg-config.defaultPkgConfigPackages.libsystemd
Test whether systemd-257.10 exposes pkg-config modules libsystemd
Package maintainers
- @linsui linsui <linsui555@gmail.com>
- @doronbehar Doron Behar <me@doronbehar.com>
- @honnip Jung seungwoo <me@honnip.page>
- @sternenseemann Lukas Epple <sternenseemann@systemli.org>
- @mpscholten Marc Scholten <marc@digitallyinduced.com>
- @symphorien Guillaume Girol <symphorien_nixpkgs@xlumurb.eu>
- @chkno Scott Worley <scottworley@scottworley.com>
- @RaitoBezarius Ryan Lahfa <ryan@lahfa.xyz>
- @colonelpanic8 Ivan Malison <IvanMalison@gmail.com>
- @flokli Florian Klink <flokli@flokli.de>
- @kloenk Fiona Behrens <me@kloenk.dev>
- @fadenb Tristan Helmich <tristan.helmich+nixos@gmail.com>
- @fpletz Franz Pletz <fpletz@fnordicwalking.de>
- @GaetanLepage Gaetan Lepage <gaetan@glepage.com>
- @liff Olli Helenius <liff@iki.fi>
- @getchoo Seth Flynn <getchoo@tuta.io>
- @benley Benjamin Staffin <benley@gmail.com>
- @pasqui23 pasqui23 <p3dimaria@hotmail.it>
- @eadwu Edmund Wu <edmund.wu@protonmail.com>
- @kamadorueda Kevin Amado <kamadorueda@gmail.com>
- @atagen atagen
- @Ma27 Maximilian Bosch <maximilian@mbosch.me>
- @piotrkwiecinski Piotr Kwiecinski <piokwiecinski+nixpkgs@gmail.com>
- @talyz Kim Lindberger <kim.lindberger@gmail.com>
- @aanderse Aaron Andersen <aaron@fosslib.net>
- @brianmcgillion Brian McGillion <bmg.avoin@gmail.com>
- @veehaitch Vincent Haupert <mail@vincent-haupert.de>
- @mahyarmirrashed Mahyar Mirrashed <mah.mirr@gmail.com>
- @VuiMuich Johannes Mayrhofer <vuimuich@quantentunnel.de>