Description
The newly introduced RecordUsage D-Bus method (https://gitlab.freedesktop.org/pwithnall/malcontent/-/blob/0.14.0/libmalcontent-timer/child-timer-service.c) in malcontent-timerd allows arbitrary users in the system to slowly fill up disk space in /var/lib/malcontent-timerd.
Published: 2026-05-13
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the RecordUsage D-Bus method of malcontent-timerd, which allows any local user to invoke the API and intentionally consume disk space inside /var/lib/malcontent-timerd. This resource-exhaustion flaw can slowly fill the device storage, disabling legitimate operations that require disk writes and potentially causing system malfunctions. The weakness is a classic case of CWE-770, where uncontrolled allocation of system resources leads to denial of service.

Affected Systems

The affected component is the malcontent timer service (malcontent-timerd) developed for the GNOME ecosystem. The flaw appears in the presented source tree for version 0.14.0 and may affect any later release that incorporates the unguarded RecordUsage method. Exact version details are not enumerated beyond the 0.14.0 code reference, so any distribution that ships this code path is potentially impacted.

Risk and Exploitability

The CVSS score of 5.1 reflects a moderate impact, and no EPSS score is available, suggesting a lower likelihood of widespread exploitation at this time. The vulnerability is not listed in the CISA KEV catalog, further indicating low immediate threat. The attack vector is inferred to be local, as any admitted OS user can call the D-Bus method. An attacker would need to persuade a normal user or take advantage of a local user that runs untrusted code to trigger the disk-use traffic; no privilege escalation is required.

Generated by OpenCVE AI on May 13, 2026 at 10:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade malcontent to the latest released version that removes or guards the RecordUsage method.
  • Modify D-Bus permissions or ACLs to restrict the RecordUsage interface to trusted system users only, blocking arbitrary local accounts from invoking it.
  • Regularly monitor the disk usage of /var/lib/malcontent-timerd or set disk quotas to prevent the directory from consuming all available space.

Advisories

No advisories yet.

History

Thu, 14 May 2026 15:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Gnome; Gnome malcontent |
| Vendors & Products | | Gnome; Gnome malcontent |

Wed, 13 May 2026 15:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| References | | |

Wed, 13 May 2026 11:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Wed, 13 May 2026 09:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | The newly introduced RecordUsage D-Bus method https://gitlab.freedesktop.org/pwithnall/malcontent/-/blob/0.14.0/libmalcontent-timer/child-timer-service.c in malcontent-timerd allows arbitrary users in the system to slowly fill up disk space in /var/lib/malcontent-timerd |
| Title | | malcontent: Disk Space Exhaustion via Globally Accessible D-Bus API |
| Weaknesses | | CWE-770 |
| References | | |
| Metrics | | cvssV4_0 {'score': 5.1, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N'} |


MITRE

Status: PUBLISHED

Assigner: suse

Published:

Updated: 2026-05-13T10:48:50.090Z

Reserved: 2026-05-08T12:29:48.966Z

Link: CVE-2026-44931

Vulnrichment

Updated: 2026-05-13T09:05:10.201Z

NVD

Status: Awaiting Analysis

Published: 2026-05-13T13:01:55.490

Modified: 2026-05-13T15:35:35.267

Link: CVE-2026-44931

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-14T14:34:37Z

Weaknesses