Vulnerability Name:

CVE-2021-33910 (CCN-205907)

Assigned: 2021-07-20
Published: 2021-07-20
Updated: 2022-06-14
Summary: basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.
CVSS v3 Severity: 5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
6.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
5.5 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
4.8 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
CVSS v2 Severity: 4.9 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
4.9 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
Vulnerability Type: CWE-770
CWE-400
Vulnerability Consequences: Denial of Service
References:
Source: MITRE
Type: CNA
CVE-2021-33910

Source: MISC
Type: Exploit, Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/163621/Sequoia-A-Deep-Root-In-Linuxs-Filesystem-Layer.html

Source: MLIST
Type: Mailing List, Patch, Third Party Advisory
[oss-security] 20210804 Re: Pop!_OS Membership to linux-distros list

Source: MLIST
Type: Mailing List, Patch, Third Party Advisory
[oss-security] 20210817 Re: Pop!_OS Membership to linux-distros list

Source: MLIST
Type: Mailing List, Patch, Third Party Advisory
[oss-security] 20210907 Re: Pop!_OS Membership to linux-distros list

Source: CONFIRM
Type: UNKNOWN
https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf

Source: XF
Type: UNKNOWN
systemd-cve202133910-dos(205907)

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/systemd/systemd-stable/commit/4a1c5f34bd3e1daed4490e9d97918e504d19733b

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/systemd/systemd-stable/commit/764b74113e36ac5219a4b82a05f311b5a92136ce

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/systemd/systemd-stable/commit/b00674347337b7531c92fdb65590ab253bb57538

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/systemd/systemd-stable/commit/cfd14c65374027b34dbbc4f0551456c5dc2d1f61

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/systemd/systemd/commit/b34a4f0e6729de292cb3b0c03c1d48f246ad896b

Source: CCN
Type: systemd GIT Repository
basic/unit-name: do not use strdupa() on a path #20256

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/systemd/systemd/pull/20256/commits/441e0115646d54f080e5c3bb0ba477c892861ab9

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-2a6ba64260

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-166e461c8d

Source: CCN
Type: Packet Storm Security [07-21-2021]
Sequoia: A Deep Root In Linux's Filesystem Layer

Source: CCN
Type: oss-sec Mailing List, Tue, 20 Jul 2021 12:39:48 +0000
CVE-2021-33910: Denial of service (stack exhaustion) in systemd (PID 1)

Source: GENTOO
Type: Third Party Advisory
GLSA-202107-48

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20211104-0008/

Source: DEBIAN
Type: Third Party Advisory
DSA-4942

Source: CCN
Type: IBM Security Bulletin 6493729 (Cloud Pak for Security)
Cloud Pak for Security is vulnerable to several CVEs

Source: CCN
Type: IBM Security Bulletin 6498497 (Cloud Foundry Migration Runtime)
Multiple security vulnerabilities affect IBM Cloud Foundry Migration Runtime

Source: CCN
Type: IBM Security Bulletin 6529348 (Elastic Storage System)
There is a vulnerability in the systemd used in IBM Elastic Storage System

Source: MISC
Type: Exploit, Mailing List, Third Party Advisory
https://www.openwall.com/lists/oss-security/2021/07/20/2

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2021-33910

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:systemd_project:systemd:*:*:*:*:*:*:*:* (Version >= 247 and < 247.8)
  • OR cpe:/a:systemd_project:systemd:*:*:*:*:*:*:*:* (Version < 246.15)
  • OR cpe:/a:systemd_project:systemd:*:*:*:*:*:*:*:* (Version >= 248 and < 248.5)
  • OR cpe:/a:systemd_project:systemd:*:*:*:*:*:*:*:* (Version >= 249 and < 249.1)

Configuration 2:
  • cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Configuration 3:
  • cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 4:
  • cpe:/a:netapp:solidfire:-:*:*:*:*:*:*:*
  • OR cpe:/a:netapp:hci_management_node:-:*:*:*:*:*:*:*

Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:systemd_project:systemd:220:*:*:*:*:*:*:*
  • OR cpe:/a:systemd_project:systemd:248:-:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:elastic_storage_system:6.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_security:1.7.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_security:1.7.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_security:1.7.2.0:*:*:*:*:*:*:*

* Denotes that component is vulnerable
Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:7678 | P | libsystemd0-249.16-150400.8.25.7 on GA media (Moderate) | 2023-06-12
oval:org.opensuse.security:def:759 | P | Security update for MozillaThunderbird (Important) | 2022-09-15
oval:org.opensuse.security:def:742 | P | Security update for mariadb (Important) | 2022-09-07
oval:org.opensuse.security:def:6146 | P | Security update for java-1_8_0-ibm (Important) | 2022-08-25
oval:org.opensuse.security:def:3660 | P | Security update for tiff (Low) | 2022-08-03
oval:org.opensuse.security:def:95402 | P | Security update for mariadb (Important) | 2022-07-27
oval:org.opensuse.security:def:6099 | P | Security update for zabbix (Moderate) (in QA) | 2022-07-25
oval:org.opensuse.security:def:3643 | P | Security update for the Linux Kernel (Important) | 2022-07-21
oval:org.opensuse.security:def:3457 | P | cpio-2.11-36.3.4 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3497 | P | gdm-3.10.0.1-54.6.3 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3086 | P | gnome-shell-search-provider-nautilus-3.20.3-23.12.10 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:94716 | P | libsystemd0-249.11-150400.6.8 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:94569 | P | graphite2-devel-1.3.11-2.12 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:94609 | P | libXfont-devel-1.5.4-1.17 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:95322 | P | Security update for libarchive (Moderate) | 2022-06-02
oval:org.opensuse.security:def:102035 | P | Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP3) (Important) | 2022-03-29
oval:org.opensuse.security:def:112528 | P | kubernetes1.22-apiserver-1.22.4-1.1 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:112864 | P | libsystemd0-249.4-2.2 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:60408 | P | Security update for systemd (Moderate) | 2021-11-04
oval:org.opensuse.security:def:5146 | P | Security update for systemd (Moderate) | 2021-11-04
oval:org.opensuse.security:def:26159 | P | Security update for systemd (Moderate) | 2021-11-04
oval:org.opensuse.security:def:34585 | P | Security update for systemd (Moderate) | 2021-11-04
oval:org.opensuse.security:def:111091 | P | Security update for systemd (Moderate) | 2021-10-18
oval:org.opensuse.security:def:111742 | P | Security update for systemd (Moderate) | 2021-10-12
oval:org.opensuse.security:def:107988 | P | Security update for systemd (Moderate) | 2021-10-12
oval:org.opensuse.security:def:117502 | P | Security update for systemd (Moderate) | 2021-10-12
oval:org.opensuse.security:def:102115 | P | Security update for the Linux Kernel (Important) | 2021-10-12
oval:org.opensuse.security:def:5854 | P | Security update for systemd (Moderate) | 2021-10-12
oval:org.opensuse.security:def:64586 | P | Security update for systemd (Moderate) | 2021-10-12
oval:org.opensuse.security:def:101322 | P | Security update for systemd (Moderate) | 2021-10-12
oval:org.opensuse.security:def:108781 | P | Security update for systemd (Moderate) | 2021-10-12
oval:org.opensuse.security:def:73708 | P | Security update for systemd (Moderate) | 2021-10-12
oval:org.opensuse.security:def:66943 | P | Security update for systemd (Moderate) | 2021-10-12
oval:org.opensuse.security:def:76011 | P | Security update for systemd (Moderate) | 2021-10-12
oval:org.opensuse.security:def:106325 | P | libsystemd0-249.4-2.2 on GA media (Moderate) | 2021-10-01
oval:org.opensuse.security:def:99406 | P | (Moderate) | 2021-08-23
oval:org.opensuse.security:def:64749 | P | Security update for systemd (Moderate) | 2021-08-23
oval:org.opensuse.security:def:99983 | P | (Moderate) | 2021-08-23
oval:org.opensuse.security:def:73871 | P | Security update for systemd (Moderate) | 2021-08-23
oval:org.opensuse.security:def:67235 | P | Security update for systemd (Moderate) | 2021-08-23
oval:org.opensuse.security:def:100648 | P | (Moderate) | 2021-08-23
oval:org.opensuse.security:def:76303 | P | Security update for systemd (Moderate) | 2021-08-23
oval:org.opensuse.security:def:99134 | P | (Moderate) | 2021-08-23
oval:org.opensuse.security:def:99669 | P | (Moderate) | 2021-08-23
oval:org.opensuse.security:def:111682 | P | Security update for systemd (Moderate) | 2021-08-23
oval:org.opensuse.security:def:100319 | P | (Moderate) | 2021-08-23
oval:org.opensuse.security:def:101490 | P | Security update for systemd (Moderate) | 2021-08-23
oval:org.opensuse.security:def:101282 | P | log4j12-javadoc-1.2.17-2.26 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:110986 | P | Security update for systemd (Moderate) | 2021-07-24
oval:org.opensuse.security:def:31223 | P | Security update for systemd (Important) | 2021-07-21
oval:org.opensuse.security:def:58790 | P | Security update for systemd (Important) | 2021-07-21
oval:org.opensuse.security:def:23623 | P | Security update for systemd (Important) | 2021-07-21
oval:org.opensuse.security:def:51928 | P | Security update for systemd (Important) | 2021-07-21
oval:org.opensuse.security:def:87431 | P | Security update for systemd (Important) | 2021-07-21
oval:org.opensuse.security:def:127139 | P | Security update for systemd (Important) | 2021-07-21
oval:org.opensuse.security:def:83311 | P | Security update for systemd (Important) | 2021-07-21
oval:com.redhat.rhsa:def:20212717 | P | RHSA-2021:2717: systemd security update (Important) | 2021-07-21
oval:org.opensuse.security:def:33688 | P | Security update for systemd (Important) | 2021-07-21
oval:org.opensuse.security:def:29400 | P | Security update for systemd (Important) | 2021-07-21
oval:org.opensuse.security:def:57046 | P | Security update for systemd (Important) | 2021-07-21
oval:org.opensuse.security:def:89424 | P | Security update for systemd (Important) | 2021-07-21
oval:org.opensuse.security:def:85687 | P | Security update for systemd (Important) | 2021-07-21
oval:org.opensuse.security:def:31656 | P | Security update for systemd (Important) | 2021-07-21
oval:org.opensuse.security:def:59511 | P | Security update for systemd (Important) | 2021-07-21
oval:org.opensuse.security:def:23940 | P | Security update for systemd (Important) | 2021-07-21
oval:org.opensuse.security:def:55223 | P | Security update for systemd (Important) | 2021-07-21
oval:org.opensuse.security:def:88160 | P | Security update for systemd (Important) | 2021-07-21
oval:org.opensuse.security:def:83431 | P | Security update for systemd (Important) | 2021-07-21
oval:org.opensuse.security:def:33946 | P | Security update for systemd (Important) | 2021-07-21
oval:org.opensuse.security:def:30104 | P | Security update for systemd (Important) | 2021-07-21
oval:org.opensuse.security:def:57479 | P | Security update for systemd (Important) | 2021-07-21
oval:org.opensuse.security:def:86120 | P | Security update for systemd (Important) | 2021-07-21
oval:org.opensuse.security:def:125573 | P | Security update for systemd (Important) | 2021-07-21
oval:org.opensuse.security:def:32142 | P | Security update for systemd (Important) | 2021-07-21
oval:org.opensuse.security:def:59769 | P | Security update for systemd (Important) | 2021-07-21
oval:org.opensuse.security:def:55927 | P | Security update for systemd (Important) | 2021-07-21
oval:org.opensuse.security:def:88474 | P | Security update for systemd (Important) | 2021-07-21
oval:org.opensuse.security:def:84180 | P | Security update for systemd (Important) | 2021-07-21
oval:org.opensuse.security:def:30224 | P | Security update for systemd (Important) | 2021-07-21
oval:org.opensuse.security:def:57965 | P | Security update for systemd (Important) | 2021-07-21
oval:org.opensuse.security:def:51611 | P | Security update for systemd (Important) | 2021-07-21
oval:org.opensuse.security:def:86606 | P | Security update for systemd (Important) | 2021-07-21
oval:org.opensuse.security:def:126742 | P | Security update for systemd (Important) | 2021-07-21
oval:org.opensuse.security:def:82607 | P | Security update for systemd (Important) | 2021-07-21
oval:org.opensuse.security:def:32967 | P | Security update for systemd (Important) | 2021-07-21
oval:org.opensuse.security:def:56047 | P | Security update for systemd (Important) | 2021-07-21
oval:org.opensuse.security:def:89166 | P | Security update for systemd (Important) | 2021-07-21
oval:org.opensuse.security:def:84639 | P | Security update for systemd (Important) | 2021-07-21
oval:org.opensuse.security:def:73854 | P | Security update for systemd (Important) | 2021-07-20
oval:org.opensuse.security:def:67188 | P | Security update for systemd (Important) | 2021-07-20
oval:org.opensuse.security:def:100638 | P | (Important) | 2021-07-20
oval:org.opensuse.security:def:76256 | P | Security update for systemd (Important) | 2021-07-20
oval:org.opensuse.security:def:111628 | P | Security update for systemd (Moderate) | 2021-07-20
oval:org.opensuse.security:def:5077 | P | Security update for systemd (Moderate) | 2021-07-20
oval:org.opensuse.security:def:5774 | P | Security update for systemd (Moderate) | 2021-07-20
oval:org.opensuse.security:def:64546 | P | Security update for systemd (Moderate) | 2021-07-20
oval:org.opensuse.security:def:99660 | P | (Important) | 2021-07-20
oval:org.opensuse.security:def:108701 | P | Security update for systemd (Moderate) | 2021-07-20
oval:org.opensuse.security:def:111630 | P | Security update for systemd (Important) | 2021-07-20
oval:org.opensuse.security:def:73668 | P | Security update for systemd (Moderate) | 2021-07-20
oval:org.opensuse.security:def:66863 | P | Security update for systemd (Moderate) | 2021-07-20
oval:org.opensuse.security:def:100310 | P | (Important) | 2021-07-20
oval:org.opensuse.security:def:26090 | P | Security update for systemd (Moderate) | 2021-07-20
oval:org.opensuse.security:def:75931 | P | Security update for systemd (Moderate) | 2021-07-20
oval:org.opensuse.security:def:101473 | P | Security update for systemd (Important) | 2021-07-20
oval:org.opensuse.security:def:34486 | P | Security update for systemd (Moderate) | 2021-07-20
oval:org.opensuse.security:def:60309 | P | Security update for systemd (Moderate) | 2021-07-20
oval:org.opensuse.security:def:99397 | P | (Important) | 2021-07-20
oval:org.opensuse.security:def:107948 | P | Security update for systemd (Moderate) | 2021-07-20
oval:org.opensuse.security:def:117463 | P | Security update for systemd (Moderate) | 2021-07-20
oval:org.opensuse.security:def:64732 | P | Security update for systemd (Important) | 2021-07-20
oval:org.opensuse.security:def:99974 | P | (Important) | 2021-07-20