CVE-2026-40225 - Vulnerability Details

- systemd: udev in systemd: Privilege escalation via malicious hardware devices and unsanitized kernel output

Description

In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.

Published: 2026-04-10

Score: 6.4 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

Udev in systemd versions prior to 260 allows a local attacker to elevate privileges to root by exploiting malicious hardware devices and unsanitized kernel output. The flaw is based on improper handling of device creation events, leading to execution of code with system-level privileges. The weakness is classified under CWE‑250 and CWE‑669, indicating that a vulnerability in giving insufficient root privileges and unsafe handling of user data can cause unintended privilege escalation.

Affected Systems

All installations of systemd older than version 260 are vulnerable. System administrators should verify the current systemd version on their hosts and confirm whether it falls below the recommended release before applying a fix.

Risk and Exploitability

The CVSS score of 6.4 indicates a medium severity, while the EPSS score of less than 1% suggests a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog, further indicating limited exploitation activity. Based on the description, the likely attack vector is a local attacker with physical or administrative access who can attach a malicious hardware device, allowing the attacker to trigger the kernel output handling path. An exploit would result in root escalation, compromising system confidentiality, integrity, and availability.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

systemd

unaffected

Version	Status	Constraints
`0`	affected	< 260

Configuration 1 [-]

OR	cpe:2.3:a:systemd_project:systemd::::::::
	cpe:2.3:a:systemd_project:systemd::::::::
	cpe:2.3:a:systemd_project:systemd::::::::

No data.

Vendor Product Confidence Versions

Systemd

100%

Version	Status	Scheme	Platform
`[0,260)`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade systemd to version 260 or later.
Verify that the systemd binary is at the updated version using "systemctl --version".
If upgrade is not immediately possible, restrict physical access to trusted personnel and disable unnecessary udev rules until patch deployment completes.

Generated by OpenCVE AI on April 14, 2026 at 01:41 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-4533-1	systemd security update

No CVSS v4.0

Attack Vector Physical

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00041.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://github.com/systemd/systemd/security/advisories/GHSA-vpfq-8p5f-jcqx
https://nvd.nist.gov/vuln/detail/CVE-2026-40225
https://www.cve.org/CVERecord?id=CVE-2026-40225

History

Mon, 27 Apr 2026 19:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Systemd Project Systemd Project systemd
CPEs		cpe:2.3:a:systemd_project:systemd::::::::
Vendors & Products		Systemd Project Systemd Project systemd

Tue, 14 Apr 2026 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 14 Apr 2026 00:15:00 +0000

Type	Values Removed	Values Added
Title	Privilege Escalation via Malicious Hardware Devices in systemd udev	systemd: udev in systemd: Privilege escalation via malicious hardware devices and unsanitized kernel output
Weaknesses		CWE-250
References		https://nvd.nist.gov/vuln/detail/CVE-2026-40225 https://www.cve.org/CVERecord?id=CVE-2026-40225
Metrics	threat_severity `None`	threat_severity `Moderate`

Mon, 13 Apr 2026 14:30:00 +0000

Type	Values Removed	Values Added
Title		Privilege Escalation via Malicious Hardware Devices in systemd udev

Mon, 13 Apr 2026 13:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Systemd Systemd systemd
Vendors & Products		Systemd Systemd systemd

Fri, 10 Apr 2026 15:45:00 +0000

Type	Values Removed	Values Added
Description		In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.
Weaknesses		CWE-669
References		https://github.com/systemd/systemd/security/advisories/GHSA-vpfq-8p5f-jcqx
Metrics		cvssV3_1 `{'score': 6.4, 'vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

Subscriptions

Systemd Systemd

Systemd Project Systemd

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2026-04-10T15:16:19.827Z

Updated: 2026-04-14T14:40:30.611Z

Reserved: 2026-04-10T15:16:19.391Z

Link: CVE-2026-40225

Vulnrichment

Updated: 2026-04-14T14:40:23.155Z

NVD

Status : Analyzed

Published: 2026-04-10T16:16:33.287

Modified: 2026-04-27T19:00:02.210

Link: CVE-2026-40225

Redhat

Severity : Moderate

Publid Date: 2026-04-10T15:16:19Z

Links: CVE-2026-40225 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-14T16:36:29Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Physical

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object