Insyde's Security Pledge

Recent Security Advisories

INSYDE-SA-2023061

Product

CVSS Score

Original Date

Last Revised

Supervyse

6.5

2023-09-12

Summary

dbus: Unprivileged users to crash dbus-daemon

Vulnerability Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2023-34969

If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances.

When done on the well-known system bus, this is a denial-of-service vulnerability.

Solution Information

OPF RV 23.08 and after.
SPF RV 23.11 and after.

Acknowledgements

Revision History

Revision #

Date

Description

2023-09-12

Initial Release

< Back to Security Pledge