CVE-2013-4394

Description

The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors involving "special and control characters."

How to fix CVE-2013-4394

To remediate CVE-2013-4394, upgrade the affected package to a fixed version below.

• Debian/systemd—upgrade to 204-5 or later

Is CVE-2013-4394 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 204-5

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2013-4394