CVE-2023-5616
Publication date 13 December 2023
Last updated 19 August 2025
Ubuntu priority
In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote SSH access contrary to expectation of the user.
From the Ubuntu Security Team
Zygmunt Krynicki discovered that GNOME Settings did not accurately reflect the SSH remote login status when the system was configured to use systemd socket activation for OpenSSH. Remote SSH access may be unknowingly enabled, contrary to expectation.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| gnome-control-center | 25.04 plucky |
Fixed 1:45.0-1ubuntu4
|
| 24.04 LTS noble |
Fixed 1:45.0-1ubuntu4
|
|
| 22.04 LTS jammy |
Fixed 1:41.7-0ubuntu0.22.04.8
|
|
| 20.04 LTS focal |
Fixed 1:3.36.5-0ubuntu4.1
|
|
| 18.04 LTS bionic |
Needs evaluation
|
|
| 16.04 LTS xenial |
Needs evaluation
|
|
| 14.04 LTS trusty | Ignored end of standard support |
Notes
alexmurray
systemd socket activation is only used by default for openssh-server since Ubuntu 22.10. Earlier releases would only be affected if the local system administrator had manually configured the system to use systemd socket activation. As such this issue is considered low priority on Ubuntu releases before 22.10.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
4.9 · Medium
|
| Attack vector | Local |
| Attack complexity | High |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity impact | Low |
| Availability impact | Low |
| Vector | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L |
References
Related Ubuntu Security Notices (USN)
- USN-6554-1
- GNOME Settings vulnerability
- 13 December 2023