Skip to content

systemd: Fix CVE-2026-4105#37

Open
deepin-ci-robot wants to merge 1 commit intomasterfrom
fix/CVE-2026-4105
Open

systemd: Fix CVE-2026-4105#37
deepin-ci-robot wants to merge 1 commit intomasterfrom
fix/CVE-2026-4105

Conversation

@deepin-ci-robot
Copy link
Copy Markdown
Contributor

@deepin-ci-robot deepin-ci-robot commented Apr 15, 2026

Security Update

  • Fix CVE-2026-4105: Improper Access Control in systemd-machined
  • Package: systemd

Description

Fixed an improper access control vulnerability in systemd-machined service.
The RegisterMachine D-Bus method did not properly validate the class parameter,
allowing local unprivileged users to potentially execute arbitrary commands with root privileges.

This patch rejects invalid class types when registering machines, ensuring only
MACHINE_CONTAINER and MACHINE_VM classes are accepted.

Changes

  • Added validation for machine class parameter in machined-dbus.c
  • Updated debian/changelog with version 255.2-4deepin25
  • Added CVE-2026-4105.patch to debian/patches

Testing

  • Build verification recommended
  • Security impact: High (local privilege escalation)

References

@deepin-ci-robot @hudeng-go
systemd: Fix CVE-2026-4105 - machined access control vulnerability
fdef146 
Fixed an improper access control vulnerability in systemd-machined
service. The RegisterMachine D-Bus method did not properly validate
the class parameter, allowing local unprivileged users to potentially
execute arbitrary commands with root privileges.

This patch rejects invalid class types when registering machines,
ensuring only MACHINE_CONTAINER and MACHINE_VM classes are accepted.

Upstream: systemd/systemd@6941d92

Generated-By: uos/glm-5.1
Co-Authored-By: hudeng <hudeng@deepin.org>
@deepin-ci-robot deepin-ci-robot requested a review from BLumia April 15, 2026 09:24
@deepin-ci-robot
Copy link
Copy Markdown
Contributor Author

deepin-ci-robot commented Apr 15, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign tsic404 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 15, 2026

TAG Bot

TAG: 255.2-4deepin25
EXISTED: no
DISTRIBUTION: unstable

@Zeno-sole
Copy link
Copy Markdown
Contributor

Zeno-sole commented Apr 16, 2026

/integrate

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 16, 2026

AutoIntegrationPr Bot
auto integrate with pr url: deepin-community/Repository-Integration#3840
PrNumber: 3840
PrBranch: auto-integration-24510984521

@deepin-community-ci-bot deepin-community-ci-bot Bot mentioned this pull request Apr 16, 2026
Open
Zeno-sole
Zeno-sole reviewed Apr 21, 2026
View reviewed changes
Comment thread debian/patches/series
uniontech-escape-spaces-when-serializing-as-well.patch
uniontech-resolved-off-multidns.patch
uniontech-implement-USEC-with-libusec.patch
uniontech-resolved-short-ptr-timeout.patch No newline at end of file
Copy link
Copy Markdown
Contributor

@Zeno-sole Zeno-sole Apr 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

历史patch被移除

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Zeno-sole Zeno-sole Zeno-sole left review comments

@BLumia BLumia Awaiting requested review from BLumia

Assignees

No one assigned

Labels

cve generated-by-ai

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@deepin-ci-robot @Zeno-sole