CVE-2020-16126

Severity CVSS v4.0:
Pending analysis
Type:
CWE-269 Improper Privilege Management
Publication date:
11/11/2020
Last modified:
17/06/2026

Description

An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to AccountService, thus stopping it from handling D-Bus messages in a timely fashion.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:freedesktop:accountsservice:*:*:*:*:*:*:*:* 0.6.55 (excluding)