On these three vulnerabilities - two are memory corruption (Stack Buffer Overflow) and one out-of-bounds error (Information Leak). The following CVE id have been allocated to the bug -
- CVE-2018-16864 - Privilege Escalation
- CVE-2018-16865 - Privilege Escalation
- CVE-2018-16866 - Information leak
Now the worst thing is that there no Patch Yet available for the discovered bugs. Only the information leak (CVE-2018-16866) vulnerability has been fixed on Debian in the unstable systemd 240-1 release.
We have also found a mailing list which describe the technical details on these bugs.