{"id":"UBUNTU-CVE-2026-29111","details":"systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this is not possible as the safety check causes an assert instead. This IPC call was added in v239, so versions older than that are not affected. Versions 260-rc1, 259.2, 258.5, and 257.11 contain patches. No known workarounds are available.","modified":"2026-04-22T16:28:39.004822Z","published":"2026-03-23T20:00:00Z","related":["USN-8119-1","USN-8119-2"],"upstream":["CVE-2026-29111"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-29111"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2026-29111"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-8119-1"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-8119-2"}],"affected":[{"package":{"name":"systemd","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/systemd@245.4-4ubuntu3.24+esm3?arch=source&distro=esm-infra/focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"245.4-4ubuntu3.24+esm3"}]}],"versions":["242-7ubuntu3","243-2ubuntu1","243-3ubuntu1","244-3ubuntu1","244.1-0ubuntu2","244.1-0ubuntu3","244.2-1ubuntu1","244.3-1ubuntu1","245.2-1ubuntu1","245.2-1ubuntu2","245.4-2ubuntu1","245.4-4ubuntu1","245.4-4ubuntu3","245.4-4ubuntu3.1","245.4-4ubuntu3.2","245.4-4ubuntu3.3","245.4-4ubuntu3.4","245.4-4ubuntu3.5","245.4-4ubuntu3.6","245.4-4ubuntu3.7","245.4-4ubuntu3.10","245.4-4ubuntu3.11","245.4-4ubuntu3.13","245.4-4ubuntu3.14","245.4-4ubuntu3.15","245.4-4ubuntu3.16","245.4-4ubuntu3.17","245.4-4ubuntu3.18","245.4-4ubuntu3.19","245.4-4ubuntu3.20","245.4-4ubuntu3.21","245.4-4ubuntu3.22","245.4-4ubuntu3.23","245.4-4ubuntu3.24","245.4-4ubuntu3.24+esm1"],"ecosystem_specific":{"binaries":[{"binary_version":"245.4-4ubuntu3.24+esm3","binary_name":"libnss-myhostname"},{"binary_version":"245.4-4ubuntu3.24+esm3","binary_name":"libnss-mymachines"},{"binary_version":"245.4-4ubuntu3.24+esm3","binary_name":"libnss-resolve"},{"binary_version":"245.4-4ubuntu3.24+esm3","binary_name":"libnss-systemd"},{"binary_version":"245.4-4ubuntu3.24+esm3","binary_name":"libpam-systemd"},{"binary_version":"245.4-4ubuntu3.24+esm3","binary_name":"libsystemd0"},{"binary_version":"245.4-4ubuntu3.24+esm3","binary_name":"libudev1"},{"binary_version":"245.4-4ubuntu3.24+esm3","binary_name":"systemd"},{"binary_version":"245.4-4ubuntu3.24+esm3","binary_name":"systemd-container"},{"binary_version":"245.4-4ubuntu3.24+esm3","binary_name":"systemd-coredump"},{"binary_version":"245.4-4ubuntu3.24+esm3","binary_name":"systemd-journal-remote"},{"binary_version":"245.4-4ubuntu3.24+esm3","binary_name":"systemd-sysv"},{"binary_version":"245.4-4ubuntu3.24+esm3","binary_name":"systemd-tests"},{"binary_version":"245.4-4ubuntu3.24+esm3","binary_name":"systemd-timesyncd"},{"binary_version":"245.4-4ubuntu3.24+esm3","binary_name":"udev"}],"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-29111.json"}},{"package":{"name":"systemd","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/systemd@249.11-0ubuntu3.19?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"249.11-0ubuntu3.19"}]}],"versions":["248.3-1ubuntu8","249.5-2ubuntu1","249.5-2ubuntu2","249.5-2ubuntu3","249.5-2ubuntu4","249.9-0ubuntu2","249.10-0ubuntu1","249.10-0ubuntu2","249.11-0ubuntu1","249.11-0ubuntu2","249.11-0ubuntu3","249.11-0ubuntu3.1","249.11-0ubuntu3.3","249.11-0ubuntu3.4","249.11-0ubuntu3.6","249.11-0ubuntu3.7","249.11-0ubuntu3.9","249.11-0ubuntu3.10","249.11-0ubuntu3.11","249.11-0ubuntu3.12","249.11-0ubuntu3.15","249.11-0ubuntu3.16","249.11-0ubuntu3.17"],"ecosystem_specific":{"binaries":[{"binary_version":"249.11-0ubuntu3.19","binary_name":"libnss-myhostname"},{"binary_version":"249.11-0ubuntu3.19","binary_name":"libnss-mymachines"},{"binary_version":"249.11-0ubuntu3.19","binary_name":"libnss-resolve"},{"binary_version":"249.11-0ubuntu3.19","binary_name":"libnss-systemd"},{"binary_version":"249.11-0ubuntu3.19","binary_name":"libpam-systemd"},{"binary_version":"249.11-0ubuntu3.19","binary_name":"libsystemd0"},{"binary_version":"249.11-0ubuntu3.19","binary_name":"libudev1"},{"binary_version":"249.11-0ubuntu3.19","binary_name":"systemd"},{"binary_version":"249.11-0ubuntu3.19","binary_name":"systemd-container"},{"binary_version":"249.11-0ubuntu3.19","binary_name":"systemd-coredump"},{"binary_version":"249.11-0ubuntu3.19","binary_name":"systemd-journal-remote"},{"binary_version":"249.11-0ubuntu3.19","binary_name":"systemd-oomd"},{"binary_version":"249.11-0ubuntu3.19","binary_name":"systemd-repart"},{"binary_version":"249.11-0ubuntu3.19","binary_name":"systemd-standalone-sysusers"},{"binary_version":"249.11-0ubuntu3.19","binary_name":"systemd-standalone-tmpfiles"},{"binary_version":"249.11-0ubuntu3.19","binary_name":"systemd-sysv"},{"binary_version":"249.11-0ubuntu3.19","binary_name":"systemd-tests"},{"binary_version":"249.11-0ubuntu3.19","binary_name":"systemd-timesyncd"},{"binary_version":"249.11-0ubuntu3.19","binary_name":"udev"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-29111.json"}},{"package":{"name":"systemd","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/systemd@255.4-1ubuntu8.14?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"255.4-1ubuntu8.14"}]}],"versions":["253.5-1ubuntu6","253.5-1ubuntu7","255.2-3ubuntu2","255.4-1ubuntu5","255.4-1ubuntu6","255.4-1ubuntu7","255.4-1ubuntu8","255.4-1ubuntu8.1","255.4-1ubuntu8.2","255.4-1ubuntu8.4","255.4-1ubuntu8.5","255.4-1ubuntu8.6","255.4-1ubuntu8.8","255.4-1ubuntu8.10","255.4-1ubuntu8.11","255.4-1ubuntu8.12"],"ecosystem_specific":{"binaries":[{"binary_version":"255.4-1ubuntu8.14","binary_name":"libnss-myhostname"},{"binary_version":"255.4-1ubuntu8.14","binary_name":"libnss-mymachines"},{"binary_version":"255.4-1ubuntu8.14","binary_name":"libnss-resolve"},{"binary_version":"255.4-1ubuntu8.14","binary_name":"libnss-systemd"},{"binary_version":"255.4-1ubuntu8.14","binary_name":"libpam-systemd"},{"binary_version":"255.4-1ubuntu8.14","binary_name":"libsystemd-shared"},{"binary_version":"255.4-1ubuntu8.14","binary_name":"libsystemd0"},{"binary_version":"255.4-1ubuntu8.14","binary_name":"libudev1"},{"binary_version":"255.4-1ubuntu8.14","binary_name":"systemd"},{"binary_version":"255.4-1ubuntu8.14","binary_name":"systemd-boot"},{"binary_version":"255.4-1ubuntu8.14","binary_name":"systemd-boot-efi"},{"binary_version":"255.4-1ubuntu8.14","binary_name":"systemd-container"},{"binary_version":"255.4-1ubuntu8.14","binary_name":"systemd-coredump"},{"binary_version":"255.4-1ubuntu8.14","binary_name":"systemd-homed"},{"binary_version":"255.4-1ubuntu8.14","binary_name":"systemd-journal-remote"},{"binary_version":"255.4-1ubuntu8.14","binary_name":"systemd-oomd"},{"binary_version":"255.4-1ubuntu8.14","binary_name":"systemd-resolved"},{"binary_version":"255.4-1ubuntu8.14","binary_name":"systemd-standalone-sysusers"},{"binary_version":"255.4-1ubuntu8.14","binary_name":"systemd-standalone-tmpfiles"},{"binary_version":"255.4-1ubuntu8.14","binary_name":"systemd-sysv"},{"binary_version":"255.4-1ubuntu8.14","binary_name":"systemd-tests"},{"binary_version":"255.4-1ubuntu8.14","binary_name":"systemd-timesyncd"},{"binary_version":"255.4-1ubuntu8.14","binary_name":"systemd-ukify"},{"binary_version":"255.4-1ubuntu8.14","binary_name":"systemd-userdbd"},{"binary_version":"255.4-1ubuntu8.14","binary_name":"udev"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-29111.json"}},{"package":{"name":"systemd","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/systemd@257.9-0ubuntu2.3?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"257.9-0ubuntu2.3"}]}],"versions":["257.4-1ubuntu3","257.6-1ubuntu1","257.7-1ubuntu1","257.7-1ubuntu3","257.8-0ubuntu2","257.9-0ubuntu1","257.9-0ubuntu2","257.9-0ubuntu2.1"],"ecosystem_specific":{"binaries":[{"binary_version":"257.9-0ubuntu2.3","binary_name":"libnss-myhostname"},{"binary_version":"257.9-0ubuntu2.3","binary_name":"libnss-mymachines"},{"binary_version":"257.9-0ubuntu2.3","binary_name":"libnss-resolve"},{"binary_version":"257.9-0ubuntu2.3","binary_name":"libnss-systemd"},{"binary_version":"257.9-0ubuntu2.3","binary_name":"libpam-systemd"},{"binary_version":"257.9-0ubuntu2.3","binary_name":"libsystemd-shared"},{"binary_version":"257.9-0ubuntu2.3","binary_name":"libsystemd0"},{"binary_version":"257.9-0ubuntu2.3","binary_name":"libudev1"},{"binary_version":"257.9-0ubuntu2.3","binary_name":"systemd"},{"binary_version":"257.9-0ubuntu2.3","binary_name":"systemd-boot"},{"binary_version":"257.9-0ubuntu2.3","binary_name":"systemd-boot-efi"},{"binary_version":"257.9-0ubuntu2.3","binary_name":"systemd-boot-tools"},{"binary_version":"257.9-0ubuntu2.3","binary_name":"systemd-container"},{"binary_version":"257.9-0ubuntu2.3","binary_name":"systemd-coredump"},{"binary_version":"257.9-0ubuntu2.3","binary_name":"systemd-cryptsetup"},{"binary_version":"257.9-0ubuntu2.3","binary_name":"systemd-homed"},{"binary_version":"257.9-0ubuntu2.3","binary_name":"systemd-journal-remote"},{"binary_version":"257.9-0ubuntu2.3","binary_name":"systemd-oomd"},{"binary_version":"257.9-0ubuntu2.3","binary_name":"systemd-repart"},{"binary_version":"257.9-0ubuntu2.3","binary_name":"systemd-resolved"},{"binary_version":"257.9-0ubuntu2.3","binary_name":"systemd-standalone-shutdown"},{"binary_version":"257.9-0ubuntu2.3","binary_name":"systemd-standalone-sysusers"},{"binary_version":"257.9-0ubuntu2.3","binary_name":"systemd-standalone-tmpfiles"},{"binary_version":"257.9-0ubuntu2.3","binary_name":"systemd-sysv"},{"binary_version":"257.9-0ubuntu2.3","binary_name":"systemd-tests"},{"binary_version":"257.9-0ubuntu2.3","binary_name":"systemd-timesyncd"},{"binary_version":"257.9-0ubuntu2.3","binary_name":"systemd-ukify"},{"binary_version":"257.9-0ubuntu2.3","binary_name":"systemd-userdbd"},{"binary_version":"257.9-0ubuntu2.3","binary_name":"udev"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-29111.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}