#VU55034 Uncontrolled Memory Allocation in systemd


Published: 2021-07-21

Vulnerability identifier: #VU55034

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-33910

CWE-ID:

Exploitation vector: Local

Exploit availability:

Vulnerable software:
systemd
Server applications / Other server solutions

Vendor: Freedesktop.org

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to stack exhaustion in basic/unit-name.c in systemd. A local user can crash systemd (PID 1) and cause a kernel panic.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

systemd: 220 - 249


Fixed software versions

CPE

External links
http://www.openwall.com/lists/oss-security/2021/07/20/2
http://github.com/systemd/systemd/pull/20256/commits/441e0115646d54f080e5c3bb0ba477c892861ab9

