CVE-2022-42012 in D-Bus
Summary
by MITRE • 10/10/2022
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 06/09/2025
The vulnerability identified as CVE-2022-42012 represents a critical denial-of-service flaw within the D-Bus messaging system that affects multiple versions of the daemon and library components. This issue resides in the handling of file descriptor attachments within D-Bus messages, creating a scenario where authenticated attackers can trigger crashes in dbus-daemon and other applications that rely on libdbus for communication. The vulnerability specifically manifests when these systems process messages containing file descriptors that are formatted in an unexpected manner, leading to memory corruption and subsequent system instability.
The technical nature of this flaw stems from inadequate input validation within the D-Bus message processing pipeline. When the dbus-daemon receives a message with attached file descriptors, it performs insufficient validation of the descriptor format and structure. This allows an attacker to craft malicious messages that contain malformed file descriptor data, which when processed by the vulnerable components causes memory corruption patterns that result in immediate program termination. The vulnerability operates at the protocol level where D-Bus handles file descriptor passing as part of its inter-process communication capabilities, making it particularly dangerous as it can affect any application that uses D-Bus for system communication.
The operational impact of CVE-2022-42012 extends beyond simple service disruption, as it can affect the stability of entire desktop environments and system services that depend on D-Bus for communication. Applications such as systemd, network managers, and various desktop components that rely on D-Bus for inter-process communication can experience crashes, potentially leading to complete system instability. The authenticated nature of this vulnerability means that attackers with limited user privileges can still cause significant disruption, as D-Bus is typically accessible to regular users for various system operations. This vulnerability can be particularly problematic in multi-user environments where an attacker might exploit this to cause persistent service disruptions or in embedded systems where D-Bus is integral to system functionality.
Security practitioners should prioritize patching affected systems to address this vulnerability, as it represents a straightforward denial-of-service vector that can be exploited without requiring elevated privileges. The recommended mitigation involves updating to D-Bus versions 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2, which contain the necessary fixes for proper file descriptor validation. Organizations should also consider implementing network segmentation and access controls to limit exposure, particularly in environments where D-Bus communication is not strictly required for all users. The vulnerability aligns with CWE-129, which describes improper validation of input ranges, and can be categorized under ATT&CK technique T1499.004 for network denial of service attacks, as it can be used to disrupt system services through carefully crafted messages that exploit weaknesses in the communication protocol handling.