basic/unit-name.c in systemd before 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.
Most Upvoted Vulmon Research Post
There is no Researcher post for this vulnerability
Would you like to share something about it?
Sign up now to share your knowledge with the
The Qualys Research Labs discovered that an attacker-controlled
allocation using the alloca() function could result in memory
corruption, allowing to crash systemd and hence the entire operating
Details can be found in the Qualys advisory at
For the stable distri ...
Arch Linux Security Advisory ASA-202107-57
Date : 2021-07-21
CVE-ID : CVE-2021-33910
Package : systemd
Type : denial of service
Remote : No
Link : securityarchlinuxorg/AVG-2179
The package systemd before version 2491-1 is vulnerable to denial of
Systemd parses the content of /proc/self/mountinfo and each mountpoint is passed to mount_setup_unit(), which calls unit_name_path_escape() underneath A local attacker who is able to mount a filesystem with a very long path can crash systemd and the whole system ...
Qualys discovered a size_t-to-int conversion vulnerability in the Linux kernel's filesystem layer: by creating, mounting, and deleting a deep directory structure whose total path length exceeds 1GB, an unprivileged local attacker can write the 10-byte string "//deleted" to an offset of exactly -2GB-10B below the beginning of a vmalloc()ated kernel ...