CVE-2022-42012 Overview
CVE-2022-42012 is an Improper Input Validation vulnerability affecting D-Bus, a message bus system widely used for inter-process communication (IPC) on Linux and Unix systems. The vulnerability exists in multiple versions of D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.
Critical Impact
Authenticated attackers can crash D-Bus daemon and dependent services, causing denial of service across system services that rely on D-Bus for IPC communication.
Affected Products
- Freedesktop D-Bus (versions before 1.12.24, 1.13.x, 1.14.x before 1.14.4, and 1.15.x before 1.15.2)
- Fedora 35
- Fedora 36
- Fedora 37
The Fedora entries refer to the dbus packages (libdbus and dbus-daemon). Note that Fedora's default system bus is dbus-broker, a separate implementation that does not use libdbus; on such systems the bus itself is not the exposed component, but every program that links libdbus and receives messages with attached file descriptors still is.
Discovery Timeline
- 2022-10-06 - Vulnerability disclosed via OpenWall OSS-Security Discussion
- 2022-10-10 - CVE CVE-2022-42012 published to NVD
- 2025-06-09 - Last updated in NVD database
Technical Details for CVE-2022-42012
Vulnerability Analysis
This vulnerability stems from improper handling of file descriptors attached to D-Bus messages. D-Bus lets a sender attach open file descriptors (files, sockets, pipes) to a message so that the receiver can use the same resource. On the wire the descriptors do not travel inside the message body: they are passed out-of-band with SCM_RIGHTS on the Unix-domain socket, the UNIX_FDS header field (field code 9) announces how many accompany the message, and every value of type 'h' (UNIX_FD) in the body is a 32-bit index into that set. In the affected releases, a message whose fd attachments arrive in an unexpected format is not rejected cleanly by libdbus's message loading; instead the receiving process terminates.
Any authenticated connection, that is any client that has completed the bus's SASL handshake, can send such a message. On the system bus that is every local user account the bus policy lets connect, and the stock system.conf allows all of them. The crash hits dbus-daemon or any application using the affected libdbus library. Since D-Bus is a fundamental component of modern Linux desktop environments and many system services, crashing the system bus has cascading effects: connected services lose their bus connection and many of them do not reconnect, so in practice the outage lasts until a reboot.
Root Cause
The root cause is an Improper Input Validation issue (CWE-20) in the file descriptor handling code within libdbus. When a message with attached file descriptors is loaded, the library does not fully validate that the fd attachments are consistent with what the message declares before using them. A specially crafted message with malformed fd attachments therefore reaches code that assumes well-formed input, producing memory access errors or assertion failures, and the process terminates.
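To make the consistency requirements concrete, here is an added example written for this page; it is not code from the D-Bus project and not the upstream fix for issue #417. It builds little-endian D-Bus wire messages with a UNIX_FDS header field (the object path and message layout are constructed test data), then applies the invariants a receiver must hold before touching any attached descriptor: the number of fds the header announces must equal the number SCM_RIGHTS actually delivered (simulated here as an integer), and every 'h' index in the body must be below that count. Which of these checks the 1.14.4 fix tightened is documented in the upstream issue, not here; the point is that a receiver which skips any of them ends up indexing an fd array with untrusted data.

```python
import struct

# Wire-format constants from the D-Bus specification. Fixed-size basic types have
# size == alignment; 'h' (UNIX_FD) is a uint32 index into the SCM_RIGHTS fd array.
LITTLE_ENDIAN, TYPE_METHOD_CALL = ord('l'), 1
FIELD_PATH, FIELD_SIGNATURE, FIELD_UNIX_FDS = 1, 8, 9
FIXED = {'y': 1, 'b': 4, 'n': 2, 'q': 2, 'i': 4, 'u': 4, 'x': 8, 't': 8, 'd': 8, 'h': 4}

def _pad(buf, align):
    buf.extend(b'\0' * (-len(buf) % align))

def _field(buf, code, sig, value):
    """Append one header field: STRUCT (BYTE code, VARIANT value), 8-aligned."""
    _pad(buf, 8)
    buf.append(code)
    buf += bytes([len(sig)]) + sig.encode() + b'\0'           # variant signature
    if sig == 'u':
        _pad(buf, 4)
        buf += struct.pack('<I', value)
    elif sig == 'o':
        _pad(buf, 4)
        buf += struct.pack('<I', len(value)) + value.encode() + b'\0'
    else:                                                      # 'g': 1-byte length, no alignment
        buf += bytes([len(value)]) + value.encode() + b'\0'

def build_message(body_sig, body, unix_fds=None, serial=1):
    """Constructed test data: a little-endian METHOD_CALL with an optional UNIX_FDS field."""
    fields = bytearray()
    _field(fields, FIELD_PATH, 'o', '/org/example/Object')     # hypothetical object path
    if body_sig:
        _field(fields, FIELD_SIGNATURE, 'g', body_sig)
    if unix_fds is not None:
        _field(fields, FIELD_UNIX_FDS, 'u', unix_fds)
    msg = bytearray(struct.pack('<BBBBII', LITTLE_ENDIAN, TYPE_METHOD_CALL, 0, 1, len(body), serial))
    msg += struct.pack('<I', len(fields)) + fields
    _pad(msg, 8)                                               # header ends 8-aligned
    return bytes(msg + body)

def parse_header(msg):
    """Return (header fields dict, body offset); ValueError on a malformed header."""
    if len(msg) < 16 or msg[0] != LITTLE_ENDIAN or msg[3] != 1:
        raise ValueError("truncated, big-endian or unknown-version header")
    body_len, _serial, fields_len = struct.unpack_from('<III', msg, 4)
    pos, end, fields = 16, 16 + fields_len, {}
    while pos < end:
        pos = (pos + 7) & ~7                                   # each STRUCT element is 8-aligned
        code, siglen = msg[pos], msg[pos + 1]
        sig = msg[pos + 2:pos + 2 + siglen].decode()
        pos += siglen + 3                                      # code, length, signature, NUL
        if sig == 'u':
            pos = (pos + 3) & ~3
            value, pos = struct.unpack_from('<I', msg, pos)[0], pos + 4
        elif sig in ('s', 'o'):
            pos = (pos + 3) & ~3
            n = struct.unpack_from('<I', msg, pos)[0]
            value, pos = msg[pos + 4:pos + 4 + n].decode(), pos + 4 + n + 1
        elif sig == 'g':
            n = msg[pos]
            value, pos = msg[pos + 1:pos + 1 + n].decode(), pos + n + 2
        else:
            raise ValueError("unexpected header field type " + sig)
        if pos > end:
            raise ValueError("header field overruns the field array")
        fields[code] = value
    body_offset = (end + 7) & ~7
    if body_offset + body_len != len(msg):
        raise ValueError("body length does not match the buffer")
    return fields, body_offset

def body_fd_indices(msg, sig, offset):
    """Every 'h' index in a body made of fixed-size basic types.
    Returns [] as soon as a string or container type appears: not walked by this example."""
    pos, indices = offset, []
    for t in sig:
        size = FIXED.get(t)
        if size is None:
            return []
        pos = (pos + size - 1) // size * size                  # align to the type's own size
        if t == 'h':
            indices.append(struct.unpack_from('<I', msg, pos)[0])
        pos += size
    return indices

def check_fds(msg, fds_received):
    """'ok' or 'reject: <reason>'. fds_received is the SCM_RIGHTS count, simulated as an int."""
    try:
        fields, body_offset = parse_header(msg)
        claimed = fields.get(FIELD_UNIX_FDS, 0)
        if claimed != fds_received:
            return f"reject: header claims {claimed} fd(s) but {fds_received} arrived"
        indices = body_fd_indices(msg, fields.get(FIELD_SIGNATURE, ''), body_offset)
    except (ValueError, IndexError, struct.error, UnicodeDecodeError) as exc:
        return f"reject: {exc}"
    bad = [i for i in indices if i >= claimed]
    return f"reject: fd index {bad[0]} out of range for {claimed} fd(s)" if bad else "ok"

# Constructed messages: one well-formed fd transfer and two "unexpected format" cases.
GOOD = build_message('h', struct.pack('<I', 0), unix_fds=1)
NO_FIELD = build_message('h', struct.pack('<I', 0))                  # fd sent, header silent
BAD_INDEX = build_message('h', struct.pack('<I', 5), unix_fds=1)     # index 5, only 1 fd

if __name__ == '__main__':
    for name, m, n in (('good', GOOD, 1), ('claims-1-got-0', GOOD, 0),
                       ('claims-0-got-1', NO_FIELD, 1), ('bad-index', BAD_INDEX, 1)):
        print(name, '->', check_fds(m, n))
```

In a real receiver the fd count comes from the ancillary data returned by recvmsg, and a message whose header disagrees with it must be dropped before the fds are stored anywhere the body can index; the three rejects above are the three ways that agreement can fail.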
Attack Vector
The attack requires a connection to the bus over its Unix-domain socket: file descriptors are passed with SCM_RIGHTS, which only works on AF_UNIX transports, so the attacker is a local process (including a container or sandbox that has the bus socket mounted), not a remote network peer. "Authenticated" means the client has completed the bus's SASL handshake; on the system bus any local user account that the bus policy permits to connect can do that. An attacker who has that access can exploit this vulnerability by:
- Establishing a connection to the D-Bus daemon (system bus or session bus), or a direct peer-to-peer D-Bus connection to a libdbus-based service
- Crafting a D-Bus message with file descriptors attached in an unexpected or malformed format
- Sending the malicious message to trigger the parsing error
- The dbus-daemon or receiving application crashes, causing denial of service
The malformed fd metadata is not rejected during message loading but causes a crash during later processing stages. Because the parsing lives in libdbus, the same message affects every libdbus-based program that receives it, not only the bus daemon. A crash of the system dbus-daemon disrupts desktop environments, system services, and inter-process communication across the affected system.
For technical details on the vulnerability, see the upstream report, GitLab Issue #417 (https://gitlab.freedesktop.org/dbus/dbus/-/issues/417), and the oss-security post referenced in the timeline.
Detection Methods for CVE-2022-42012
Indicators of Compromise
- Unexpected crashes or restarts of the dbus-daemon process
- System log entries showing dbus-daemon segmentation faults or assertion failures
- Service disruptions in applications dependent on D-Bus communication
- Core dumps from dbus-daemon or applications using libdbus
Detection Strategies
- Monitor system logs for dbus-daemon crash events using journalctl or syslog
- Implement process monitoring to detect unexpected dbus-daemon restarts
- Correlate crash times with connection information: dbus-daemon does not record per-message sender information in the journal by default, so use auditd rules on the bus socket (for the system bus, /run/dbus/system_bus_socket) or periodic snapshots of which processes hold a connection to it, and retrieve the offending message buffer from the core dump (coredumpctl debug dbus-daemon opens it in gdb)
- Deploy endpoint detection to identify patterns of repeated D-Bus daemon crashes
Monitoring Recommendations
- Configure alerts for dbus-daemon process termination events in system monitoring tools
- Enable core dump collection for post-incident forensic analysis
- Monitor D-Bus connection patterns for unusual message activity
- Use dbus-daemon's <limit> directives (max_connections_per_user, max_incoming_unix_fds, max_message_unix_fds and related settings in /etc/dbus-1/system.conf or system.d/) to bound per-connection resource use; note that a single authenticated connection sending a single message is enough to trigger this crash, so limits reduce the collateral damage of repeated attempts without preventing exploitation
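The detection strategies above come down to spotting dbus-daemon (or any libdbus client) dying, and dying repeatedly. Below is an added example written for this page, not tooling from the D-Bus project, that runs that logic over a constructed journal excerpt. The kernel segfault, systemd-coredump and systemd unit-exit lines follow those tools' real message shapes; the assertion line is only a placeholder for libdbus's "assertion failed" output; hostnames, PIDs, addresses and times are made up.

```python
import re
from datetime import datetime

# Constructed sample of `journalctl -o short` output for this example (not a real incident).
SAMPLE_JOURNAL = """\
Oct 06 11:59:58 host dbus-daemon[1234]: [system] Successfully activated service 'org.freedesktop.hostname1'
Oct 06 12:00:01 host kernel: dbus-daemon[1234]: segfault at 0 ip 00007f3a1c2b4e10 sp 00007ffd2e8c1a40 error 4 in libdbus-1.so.3[7f3a1c29a000+3d000]
Oct 06 12:00:01 host systemd-coredump[1300]: Process 1234 (dbus-daemon) of user 81 dumped core.
Oct 06 12:00:01 host systemd[1]: dbus.service: Main process exited, code=dumped, status=11/SEGV
Oct 06 12:03:40 host dbus-daemon[1400]: dbus[1400]: assertion failed "(placeholder)" file "(placeholder).c" line 0 function (placeholder)
Oct 06 12:03:41 host systemd[1]: dbus.service: Main process exited, code=dumped, status=6/ABRT
"""

_TS = r'^(?P<ts>[A-Z][a-z]{2} \d{2} \d{2}:\d{2}:\d{2}) \S+ '
PATTERNS = [
    ('segfault', re.compile(_TS + r'kernel: (?P<prog>[\w.-]+)\[(?P<pid>\d+)\]: segfault at ')),
    ('coredump', re.compile(_TS + r'systemd-coredump\[\d+\]: Process (?P<pid>\d+) \((?P<prog>[^)]+)\) of user \d+ dumped core')),
    ('unit-exit', re.compile(_TS + r'systemd\[1\]: (?P<prog>[\w.-]+)\.service: Main process exited, code=(?P<code>\w+), status=(?P<status>\S+)')),
    ('assertion', re.compile(_TS + r'(?P<prog>[\w.-]+)\[(?P<pid>\d+)\]: .*\bassertion failed\b')),
]
# Program / unit names to watch. Fedora's system bus unit is dbus-broker, a different
# implementation, so there the interesting crashes are libdbus clients (matched via libdbus-1).
WATCHED = {'dbus', 'dbus-daemon'}

def scan_journal(text):
    """Return [(timestamp, kind, program, pid or None)] for crash-related lines that concern
    dbus-daemon, the dbus unit, or any process that faulted inside libdbus."""
    events = []
    for line in text.splitlines():
        for kind, rx in PATTERNS:
            m = rx.match(line)
            if not m:
                continue
            prog = m.group('prog')
            if prog in WATCHED or 'libdbus-1' in line:
                pid = m.groupdict().get('pid')
                ts = datetime.strptime(m.group('ts'), '%b %d %H:%M:%S')
                events.append((ts, kind, prog, int(pid) if pid else None))
            break
    return events

def repeated_crashes(events, threshold=2, window_seconds=600):
    """True when at least `threshold` distinct crashed PIDs fall inside one window of
    `window_seconds`; a burst of crashes is the signal the strategy above looks for."""
    first_seen = {}
    for ts, _kind, _prog, pid in events:
        if pid is not None:
            first_seen.setdefault(pid, ts)
    times = sorted(first_seen.values())
    return any((times[i + threshold - 1] - times[i]).total_seconds() <= window_seconds
               for i in range(len(times) - threshold + 1))

if __name__ == '__main__':
    found = scan_journal(SAMPLE_JOURNAL)
    for ts, kind, prog, pid in found:
        print(f"{ts:%b %d %H:%M:%S}  {kind:<9} {prog} pid={pid}")
    print("repeated crashes within 10 min:", repeated_crashes(found))
```

On a live host the same functions can be fed `journalctl -o short -k -g segfault`, `journalctl -o short -u dbus.service`, or the output of `coredumpctl list dbus-daemon`. One crash with a user-process sender is the indicator; a burst within minutes is what separates a deliberate attempt from an unrelated bug.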
How to Mitigate CVE-2022-42012
Immediate Actions Required
- Update D-Bus to version 1.12.24 or later for the 1.12.x branch
- Update D-Bus to version 1.14.4 or later for the 1.14.x branch
- Update D-Bus to version 1.15.2 or later for the 1.15.x branch
- 1.13.x is the development series that became 1.14 and has no fixed release of its own; move to 1.14.4 or later
- Apply vendor-provided security updates for your Linux distribution
Patch Information
Security patches are available from the freedesktop.org D-Bus project and have been incorporated into major Linux distributions. Fedora users should apply the updates referenced in the Fedora Package Announcements. Gentoo users should consult GLSA 202305-08 for patching guidance. For other distributions, consult your vendor's security advisory channels.
Workarounds
- Restrict who may connect to the D-Bus system bus: connection permission is set by the user-level <allow>/<deny> rules in the bus policy (the stock system.conf grants <allow user="*"/>). Send and receive rules do not help here, because they are evaluated only after the message has been parsed, and the crash happens during parsing
- Session buses cannot be protected this way, since any process running as the user can connect; treat them as unprotectable until patched
- Use AppArmor or SELinux profiles to confine which processes can reach the bus socket, and to restrict untrusted or sandboxed processes that do not need bus access at all
- Automatic restart of dbus-daemon only helps for session buses and peer-to-peer services; a restart of the system bus disconnects every client and many services do not reconnect, so a crash of the system bus in practice requires a reboot
# Check the running daemon's upstream version (first output line)
dbus-daemon --version
# Check the installed library package, which is what every libdbus client loads
rpm -q dbus-libs                          # Fedora/RHEL-based systems
dpkg -s libdbus-1-3 | grep '^Version'     # Debian/Ubuntu-based systems
# Update D-Bus on Fedora/RHEL-based systems
sudo dnf update dbus dbus-libs
# Update D-Bus on Debian/Ubuntu-based systems
sudo apt update && sudo apt upgrade dbus libdbus-1-3
# Running processes keep the old library mapped until restarted; reboot to be sure
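The branch ranges under Immediate Actions are easy to get wrong with a plain version comparison, because 1.13.18 sorts above the fixed 1.12.24 yet is affected. Here is an added example, not from the D-Bus project, that reads `dbus-daemon --version` output and applies the per-branch rules. It assumes the first output line carries the version as x.y.z ("D-Bus Message Bus Daemon 1.14.4"), and it treats 1.16 and later as carrying the fix, which the advisory does not state explicitly.

```python
import re
import sys

# Fixed releases per stable branch, as listed in the advisory.
FIXED_IN = {(1, 12): (1, 12, 24), (1, 14): (1, 14, 4), (1, 15): (1, 15, 2)}

def parse_version(text):
    """Pull x.y.z out of `dbus-daemon --version` output. Assumption: the first line reads
    'D-Bus Message Bus Daemon x.y.z'; any text containing a dotted triple works."""
    m = re.search(r'\b(\d+)\.(\d+)\.(\d+)\b', text)
    if not m:
        raise ValueError("no x.y.z version number found")
    return tuple(int(g) for g in m.groups())

def is_vulnerable(version):
    """Branch-aware comparison of a (major, minor, micro) tuple against the advisory ranges."""
    branch = version[:2]
    if branch in FIXED_IN:
        return version < FIXED_IN[branch]
    if branch == (1, 13):
        return True            # development series that became 1.14; never fixed on its own
    # Anything below the 1.12 branch predates every fixed release; 1.16 and later were
    # branched after the fix (assumption: the advisory only lists branches up to 1.15).
    return version < (1, 12, 24)

def report(text):
    """One-line verdict for the given `dbus-daemon --version` output."""
    v = parse_version(text)
    label = '.'.join(map(str, v))
    if not is_vulnerable(v):
        return f"{label}: not affected by CVE-2022-42012 (upstream version check only)"
    fixed = FIXED_IN.get(v[:2])
    hint = '.'.join(map(str, fixed)) if fixed else "1.14.4 or later"
    return f"{label}: AFFECTED by CVE-2022-42012, update to {hint}"

if __name__ == '__main__':
    # Usage: dbus-daemon --version | python3 check_dbus_version.py
    print(report(sys.stdin.read()))
```

Two caveats apply to the result. Distributions routinely backport the fix without changing the upstream version number, so an "AFFECTED" verdict on a distro package must be confirmed against the vendor advisory (for example `rpm -q --changelog dbus-libs | grep CVE-2022-42012` or `apt changelog libdbus-1-3`). And the daemon's version is not the whole story: the library package loaded by clients is what matters for the "other programs that use libdbus" part of the advisory.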
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

