PT-2021-3825 · Systemd+9
Keszybz · Published 2021-06-09 · Updated 2026-03-10 · CVE-2021-33910
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
systemd versions prior to 246.15
systemd versions prior to 247.8
systemd versions prior to 248.5
systemd versions prior to 249.1
Description
The issue is uncontrolled resource consumption in the systemd initialization and service management subsystem, specifically in the functions alloca() and strdup(). An attacker can exploit it to cause a denial of service, potentially leading to an operating system crash. The vulnerability is a memory allocation with an excessive size value, involving the strdupa and alloca functions applied to a pathname that a local attacker controls.
Recommendations
For versions prior to 246.15, update to version 246.15 or later.
For versions prior to 247.8, update to version 247.8 or later.
For versions prior to 248.5, update to version 248.5 or later.
For versions prior to 249.1, update to version 249.1 or later.
Exploit
Fix
Resource Exhaustion
Allocation of Resources Without Limits
Affected Products
ALT Linux
Astra Linux
CentOS
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu
Systemd