Login Sign Up

CVE-2020-35512

7.8 HIGH
Denial of Service

📋 TL;DR

A use-after-free vulnerability in D-Bus allows memory corruption when multiple usernames share the same UID and have policy rules referencing them. This can cause crashes or undefined behavior, potentially leading to denial of service or code execution. Systems running affected D-Bus versions with shared UID configurations are vulnerable.

💻 Affected Systems

Products:
  • D-Bus
Versions: Development branch <= 1.13.16, stable branch <= 1.12.18, older branches <= 1.10.30
Operating Systems: Linux distributions using affected D-Bus versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when system has multiple usernames sharing the same UID with policy rules referencing them

📦 What is this software?

Dbus by Freedesktop

View all CVEs affecting Dbus →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to full system compromise if memory corruption can be weaponized

🟠

Likely Case

Denial of service through D-Bus daemon crashes, disrupting inter-process communication

🟢

If Mitigated

Minimal impact if shared UID configurations are avoided and proper access controls exist

🌐 Internet-Facing: LOW - D-Bus is typically not directly internet-facing
🏢 Internal Only: MEDIUM - Requires local access and specific shared UID configuration

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Requires specific shared UID configuration and policy rules; exploitation details not publicly documented

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Development branch: 1.13.17+, stable branch: 1.12.19+, older branches: 1.10.31+

Vendor Advisory: https://gitlab.freedesktop.org/dbus/dbus/-/issues/305

Restart Required: Yes

Instructions:

1. Update D-Bus package using system package manager (apt/yum/dnf/zypper). 2. Restart D-Bus daemon: 'systemctl restart dbus'. 3. Verify version with 'dbus-daemon --version'.

🔧 Temporary Workarounds

Avoid shared UID configurations

linux

Ensure no usernames share the same UID on the system

cat /etc/passwd | cut -d: -f3 | sort -n | uniq -d

Restrict D-Bus policy rules

linux

Review and remove unnecessary policy rules referencing usernames

grep -r "<user>" /etc/dbus-1/

🧯 If You Can't Patch

  • Audit system for shared UID configurations and eliminate them
  • Implement strict access controls to limit who can modify D-Bus policy files

🔍 How to Verify

Check if Vulnerable:

Check D-Bus version with 'dbus-daemon --version' and verify if system has shared UIDs with 'cat /etc/passwd | cut -d: -f3 | sort -n | uniq -d'

Check Version:

dbus-daemon --version

Verify Fix Applied:

Confirm D-Bus version is patched (1.13.17+, 1.12.19+, or 1.10.31+) and no shared UIDs exist

📡 Detection & Monitoring

Log Indicators:

  • D-Bus daemon crashes in system logs
  • Segmentation fault errors related to dbus-daemon

Network Indicators:

  • Unusual D-Bus communication patterns

SIEM Query:

process.name="dbus-daemon" AND (event.action="segmentation_fault" OR event.action="crash")

📊 Metadata

CVE ID: CVE-2020-35512
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-416
Published: February 15, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-35512, you might also want to check these:

CVE-2025-24085 10.0

This CVE describes a use-after-free vulnerability (CWE-416) in Apple operating systems that allows m...

Same vulnerability type (CWE-416)
CVE-2024-43102 10.0

This CVE describes a use-after-free vulnerability in FreeBSD's umtx (user mutex) subsystem where con...

Same vulnerability type (CWE-416)
CVE-2021-33796 10.0

CVE-2021-33796 is a use-after-free vulnerability in MuJS's regexp source property access that can le...

Same vulnerability type (CWE-416)