An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."
Improper Validation of Integrity Check Value
Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
---|---|---|---|---|---|
debian/systemd | deb | debian | 12 | >=252.22-1~deb12u1 | Not yet available |
debian/systemd | deb | debian | unstable | >=256~rc2-3 | Not yet available |
debian/systemd | deb | debian | 11 | >=247.3-7+deb11u4 | Not yet available |
debian/systemd | deb | debian | 10 | >=241-7~deb10u8 | Not yet available |
debian/systemd | deb | debian | 13 | >=255.5-1 | Not yet available |
Severity and metrics
No CVSS data available from this source.
3.9
CVE-2023-31438