6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
45.6%
An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to rules or outgoing message quota. If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.
A mitigation for this vulnerability is to avoid attaching Monitoring clients to the system bus when they are not needed. If there are no Monitoring clients, then
the vulnerable code is not reached.