CVE-2021-33910

Published: 20/07/2021 Updated: 24/07/2021

Vulnerability Summary

basic/unit-name.c in systemd before 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.

Vendor Advisories

The Qualys Research Labs discovered that an attacker-controlled allocation using the alloca() function could result in memory corruption, allowing to crash systemd and hence the entire operating system. Details can be found in the Qualys advisory at www.qualys.com/2021/07/20/cve-2021-33910/denial-of-service-systemd.txt For the stable distri ...
Arch Linux Security Advisory ASA-202107-57 ========================================== Severity: Medium Date : 2021-07-21 CVE-ID : CVE-2021-33910 Package : systemd Type : denial of service Remote : No Link : security.archlinux.org/AVG-2179 Summary ======= The package systemd before version 249.1-1 is vulnerable to denial of ser ...
Systemd parses the content of /proc/self/mountinfo and each mountpoint is passed to mount_setup_unit(), which calls unit_name_path_escape() underneath. A local attacker who is able to mount a filesystem with a very long path can crash systemd and the whole system ...

Mailing Lists

Qualys discovered a size_t-to-int conversion vulnerability in the Linux kernel's filesystem layer: by creating, mounting, and deleting a deep directory structure whose total path length exceeds 1GB, an unprivileged local attacker can write the 10-byte string "//deleted" to an offset of exactly -2GB-10B below the beginning of a vmalloc()ated kernel ...
Qualys Security Advisory Sequoia: A deep root in Linux's filesystem layer (CVE-2021-33909) ======================================================================== Contents ======================================================================== Summary Analysis Exploitation overview Exploitation details Mitigations Acknowledgments Timeline = ...
Qualys Security Advisory CVE-2021-33910: Denial of service (stack exhaustion) in systemd (PID 1) ======================================================================== Contents ======================================================================== Summary Analysis Proof of concept Acknowledgments Timeline ================================= ...