CVE-2022-4415 is a medium-severity vulnerability (CVSS 5.5) in systemd-coredump, the component responsible for collecting and storing core dumps on Linux systems. Discovered in January 2023, the flaw causes systemd-coredump to ignore the kernel's fs.suid_dumpable setting, potentially allowing core files for privileged setuid/setgid processes to be produced and read by non-privileged users. Microsoft's advisory lists Azure Linux as a potentially affected product, though the vulnerability is not exclusive to Microsoft artifacts. Discussions on WindowsForum.com cover the technical details, impact, and implications for Azure Linux users, emphasizing the need for patching and configuration review.
-
The systemd component that collects and stores core dumps — systemd‑coredump — was found in January 2023 to ignore the kernel’s fs.suid_dumpable setting, allowing core files for setuid/setgid (privileged) processes to be produced and, under some configurations, read by non‑privileged users. That...