Systemd, the Linux system and service manager that has largely replaced init as the master Linux startup and control program, has always had its critics. Now, with Qualys’s discovery of a new systemd security bug, systemd will have fewer friends. Successful exploitation of this newest vulnerability enables any unprivileged user to cause a denial of service via a kernel panic.
In a phrase, “that’s bad, that’s really bad.”
As Bharat Jogi, Qualys’s senior manager of Vulnerabilities and Signatures, wrote, “Given the breadth of the attack surface for this vulnerability, Qualys recommends users apply patches for this vulnerability immediately.” You can say that again.
Systemd is used in almost all modern Linux distributions. This particular security hole arrived in the systemd code in April 2015.