Component: systemd

Name: systemd
Version: 255.21
Type: library
Description: A System and service manager
Licenses: GPL-2.0-only & LGPL-2.1-or-later
PURL: -
CPE: cpe:2.3:*:systemd_project:systemd:255.21:*:*:*:*:*:*:*

Other Versions

| Project | Branch | Version |
|---|---|---|
| | kirkstone | 250.14 |
| | master | 259.5 |

Patches

| # | Title | Author | Resolve |
|---|---|---|---|
| 1 | nspawn: apply BindUser/Ephemeral from settings file only if | Luca Boccassi <luca.boccassi@gmail.com> | CVE-2026-40226 |
| 2 | missing_type.h: add comparison_fn_t | Chen Qi <Qi.Chen@windriver.com> | |
| 3 | pass correct parameters to getdents64 | Khem Raj <raj.khem@gmail.com> | |
| 4 | add fallback parse_printf_format implementation | Alexander Kanavin <alex.kanavin@gmail.com> | |
| 5 | timedated: Respond on org.freedesktop.timedate1.SetNTP only | Michal Koutný <mkoutny@suse.com> | |
| 6 | implment systemd-sysv-install for OE | Khem Raj <raj.khem@gmail.com> | |
| 7 | add missing FTW_ macros for musl | Chen Qi <Qi.Chen@windriver.com> | |
| 8 | errno-util: Make STRERROR portable for musl | Khem Raj <raj.khem@gmail.com> | |
| 9 | Define glibc compatible basename() for non-glibc systems | Khem Raj <raj.khem@gmail.com> | |
| 10 | sd-event: Make malloc_trim() conditional on glibc | Khem Raj <raj.khem@gmail.com> | |
| 11 | avoid missing LOCK_EX declaration | Chen Qi <Qi.Chen@windriver.com> | |
| 12 | udev: check for invalid chars in various fields received from | Luca Boccassi <luca.boccassi@gmail.com> | CVE-2026-40225 |
| 13 | avoid redefinition of prctl_mm_map structure | Chen Qi <Qi.Chen@windriver.com> | |
| 14 | Adjust for musl headers | Khem Raj <raj.khem@gmail.com> | |
| 15 | missing_syscall.h: Define MIPS ABI defines for musl | Khem Raj <raj.khem@gmail.com> | |
| 16 | udev: fix review mixup | Luca Boccassi <luca.boccassi@gmail.com> | CVE-2026-40225 |
| 17 | do not disable buffer in writing files | Chen Qi <Qi.Chen@windriver.com> | |
| 18 | src/basic/missing.h: check for missing strndupa | Chen Qi <Qi.Chen@windriver.com> | |
| 19 | Use uintmax_t for handling rlim_t | Chen Qi <Qi.Chen@windriver.com> | |
| 20 | shared: Do not use malloc_info on musl | Khem Raj <raj.khem@gmail.com> | |
| 21 | distinguish XSI-compliant strerror_r from GNU-specifi | Chen Qi <Qi.Chen@windriver.com> | |
| 22 | Do not disable buffering when writing to oom_score_adj | Chen Qi <Qi.Chen@windriver.com> | |
| 23 | binfmt: Don't install dependency links at install time for | Chen Qi <Qi.Chen@windriver.com> | |
| 24 | don't pass AT_SYMLINK_NOFOLLOW flag to faccessat() | Andre McCurdy <armccurdy@gmail.com> | |
| 25 | Handle __cpu_mask usage | Scott Murray <scott.murray@konsulko.com> | |
| 26 | Handle missing gshadow | Alex Kiernan <alex.kiernan@gmail.com> | |
| 27 | don't fail if GLOB_BRACE and GLOB_ALTDIRFUNC is not defined | Chen Qi <Qi.Chen@windriver.com> | |
| 28 | test-bus-error: strerror() is assumed to be GNU specific | Khem Raj <raj.khem@gmail.com> | |
| 29 | nspawn: normalize pivot_root paths | Luca Boccassi <luca.boccassi@gmail.com> | CVE-2026-40226 |

Vulnerabilities

| Name | Analysis | Description |
|---|---|---|
| | Patched | In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file. |
| | Patched | In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output. |
| | Exploitable | systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this is not possible as the safety check causes an assert instead. This IPC call was added in v239, so versions older than that are not affected. Versions 260-rc1, 259.2, 258.5, and 257.11 contain patches. No known workarounds are available. |