CVE-2021-33910
Published on: 07/20/2021 12:00:00 AM UTC
Last Modified on: 06/14/2022 11:15:00 AM UTC
Certain versions of Debian Linux from Debian contain the following vulnerability:
basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.
- CVE-2021-33910 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.
CVSS3 Score: 5.5 - MEDIUM
Attack Vector | Attack Complexity | Privileges Required | User Interaction |
---|---|---|---|
LOCAL | LOW | LOW | NONE |
Scope | Confidentiality Impact | Integrity Impact | Availability Impact |
UNCHANGED | NONE | NONE | HIGH |
CVSS2 Score: 4.9 - MEDIUM
Access Vector | Access Complexity | Authentication |
---|---|---|
LOCAL | LOW | NONE |
Confidentiality Impact | Integrity Impact | Availability Impact |
NONE | NONE | COMPLETE |
CVE References
Description | Link |
---|---|
CVE-2021-33910 Systemd Vulnerability in NetApp Products \| NetApp Product Security | security.netapp.com text/html |
Sequoia: A Deep Root In Linux's Filesystem Layer ≈ Packet Storm | packetstormsecurity.com text/html |
basic/unit-name: do not use strdupa() on a path · systemd/[email protected] · GitHub | github.com text/html |
Debian -- Security Information -- DSA-4942-1 systemd | www.debian.org Deprecated Link text/html |
basic/unit-name: do not use strdupa() on a path · systemd/[email protected] · GitHub | github.com text/html |
oss-security - Re: Pop!_OS Membership to linux-distros list | www.openwall.com text/html |
basic/unit-name: do not use strdupa() on a path by keszybz · Pull Request #20256 · systemd/systemd · GitHub | github.com text/html |
Releases · systemd/systemd · GitHub | github.com text/html |
basic/unit-name: do not use strdupa() on a path · systemd/[email protected] · GitHub | github.com text/html |
Merge pull request #20256 from keszybz/one-alloca-too-many · systemd/[email protected] · GitHub | github.com text/html |
| | cert-portal.siemens.com application/pdf |
[SECURITY] Fedora 34 Update: systemd-248.5-1.fc34 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org text/html |
oss-security - Re: Pop!_OS Membership to linux-distros list | www.openwall.com text/html |
No Description Provided | lists.fedoraproject.org Inactive Link, Not Archived |
oss-security - Re: Pop!_OS Membership to linux-distros list | www.openwall.com text/html |
oss-security - CVE-2021-33910: Denial of service (stack exhaustion) in systemd (PID 1) | www.openwall.com text/html |
systemd: Multiple vulnerabilities (GLSA 202107-48) — Gentoo security | security.gentoo.org text/html |
basic/unit-name: do not use strdupa() on a path · systemd/[email protected] · GitHub | github.com text/html |
Related QID Numbers
- 159309 Oracle Enterprise Linux Security Update for systemd (ELSA-2021-2717)
- 178709 Debian Security Update for systemd (DSA 4942-1)
- 178711 Debian Security Update for systemd (DLA 2715-1)
- 179870 Debian Security Update for systemd (CVE-2021-33910)
- 198434 Ubuntu Security Notification for systemd vulnerabilities (USN-5013-1)
- 239496 Red Hat Update for systemd (RHSA-2021:2724)
- 239499 Red Hat Update for systemd (RHSA-2021:2721)
- 239503 Red Hat Update for systemd (RHSA-2021:2717)
- 239520 Red Hat Update for OpenShift Container Platform 4.7.21 (RHSA-2021:2763)
- 281733 Fedora Security Update for systemd (FEDORA-2021-2a6ba64260)
- 281739 Fedora Security Update for systemd (FEDORA-2021-166e461c8d)
- 375711 Linux systemd Denial of Service Vulnerability
- 590976 Siemens SCALANCE LPE9403 Third-Party Multiple Vulnerabilities (ICSA-22-167-09) (SSA-222547)
- 670729 EulerOS Security Update for systemd (EulerOS-SA-2021-2487)
- 670821 EulerOS Security Update for systemd (EulerOS-SA-2021-2700)
- 670837 EulerOS Security Update for systemd (EulerOS-SA-2021-2725)
- 710021 Gentoo Linux systemd Multiple vulnerabilities (GLSA 202107-48)
- 750843 SUSE Enterprise Linux Security Update for systemd (SUSE-SU-2021:2405-1)
- 750845 OpenSUSE Security Update for the systemd (openSUSE-SU-2021:2404-1)
- 750846 OpenSUSE Security Update for the systemd (openSUSE-SU-2021:2410-1)
- 750865 SUSE Enterprise Linux Security Update for systemd (SUSE-SU-2021:2423-1)
- 750892 OpenSUSE Security Update for systemd (openSUSE-SU-2021:1082-1)
- 751002 OpenSUSE Security Update for systemd (openSUSE-SU-2021:2809-1)
- 751220 OpenSUSE Security Update for systemd (openSUSE-SU-2021:3348-1)
- 751244 OpenSUSE Security Update for systemd (openSUSE-SU-2021:1370-1)
- 751324 SUSE Enterprise Linux Security Update for systemd (SUSE-SU-2021:3611-1)
- 900239 CBL-Mariner Linux Security Update for systemd 239
- 903616 Common Base Linux Mariner (CBL-Mariner) Security Update for systemd (4642)
- 940289 AlmaLinux Security Update for systemd (ALSA-2021:2717)
- 960011 Rocky Linux Security Update for systemd (RLSA-2021:2717)
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Operating System | Debian | Debian Linux | 10.0 | All | All | All |
Operating System | Fedoraproject | Fedora | 33 | All | All | All |
Operating System | Fedoraproject | Fedora | 34 | All | All | All |
Application | Freedesktop | Systemd | All | All | All | All |
Application | Netapp | Hci Management Node | - | All | All | All |
Application | Netapp | Solidfire | - | All | All | All |
Application | Systemd Project | Systemd | All | All | All | All |
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*:
- cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*:
- cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*:
- cpe:2.3:a:freedesktop:systemd:*:*:*:*:*:*:*:*:
- cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*:
- cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*:
- cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
Title | Posted (UTC) |
---|---|
CVE-2021-33910: Denial of Service (Stack Exhaustion) in systemd (PID 1): The Qualys Research Team has discovered a… twitter.com/i/web/status/1… | 2021-07-20 12:59:37 |
blog.qualys.com/vulnerabilitie… CVE-2021-33910: Denial of Service (Stack Exhaustion) in systemd (PID 1) \| Qualys Security Blog #cybersecurity | 2021-07-20 13:47:09 |
"RHSB-2021-006 Long path name in mountpoint flaws in the kernel and systemd (CVE-2021-33909, CVE-2021-33910)" access.redhat.com/security/vulne… | 2021-07-20 14:42:35 |
And another one down, and another one down, another one bites the dust #systemd qualys.com/2021/07/20/cve… | 2021-07-20 14:51:29 |
CVE-2021-33910: Denial of Service (Stack Exhaustion) in systemd (PID 1): Any unprivileged user can exploit this vul… twitter.com/i/web/status/1… | 2021-07-20 15:12:10 |
The SIOS Security Blog has been updated. Qualys advisories on a Linux Kernel vulnerability (Important: CVE-2021-33909) and a Systemd vulnerability (CVE-2021-33910)… twitter.com/i/web/status/1… | 2021-07-20 17:02:00 |
ah yes, another systemd vulnerability CVE-2021-33910: Denial of service (stack exhaustion) in systemd (PID 1) qualys.com/2021/07/20/cve… | 2021-07-20 17:27:09 |
Qualys Security Advisory: DoS (CVE-2021-33910) by stack exhaustion in systemd (PID 1), thanks to a user-controlled… twitter.com/i/web/status/1… | 2021-07-20 17:33:56 |
CVE-2021-33910: don't wait... Saturday night with #systemd in the spot, don't believe just #patch! come on!… twitter.com/i/web/status/1… | 2021-07-20 17:35:06 |
The description of the mitigations is not very reassuring // Qualys advisories on a Linux Kernel vulnerability (Important: CVE-2021-33909) and a Systemd vulnerability (CVE-2021-33910) -… twitter.com/i/web/status/1… | 2021-07-20 17:53:41 |
RHSB-2021-006 Long path name in mountpoint flaws in the kernel and systemd (CVE-2021-33909, CVE-2021-33910) - Red H… twitter.com/i/web/status/1… | 2021-07-20 17:56:31 |
CVE-2021-33910, is that the future everyone always says I should embrace? alloca() deserves to be forbidden anyway… twitter.com/i/web/status/1… | 2021-07-20 18:07:55 |
After an initial review, we are not vulnerable to CVE-2021-33909 and CVE-2021-33910 because we do not have FUSE:… twitter.com/i/web/status/1… | 2021-07-20 18:42:09 |
CVE-2021-33910, a new Linux vulnerability that works on all Linux distributions. Any non-root user can, by… twitter.com/i/web/status/1… | 2021-07-20 18:53:56 |
CVE-2021-33910 : basic/unit-name.c in systemd 220 through 248 has a Memory Allocation with an Excessive Size Value… twitter.com/i/web/status/1… | 2021-07-20 19:04:30 |
So a parser bug in systemd will crash Linux blog.qualys.com/vulnerabilitie… . Classic insecurity pattern: put ad hoc parser… twitter.com/i/web/status/1… | 2021-07-20 19:12:47 |
CVE-2021-33910: Denial of Service (Stack Exhaustion) in systemd (PID 1) \| Qualys Security Blog blog.qualys.com/vulnerabilitie… | 2021-07-20 19:43:01 |
#Cibersegruidad #infosec #seguridad #security CVE-2021-33910: a very critical privilege escalation vulnerability… twitter.com/i/web/status/1… | 2021-07-20 21:31:31 |
CVE-2021-33910: a very critical privilege escalation vulnerability in all Linux distributions… twitter.com/i/web/status/1… | 2021-07-20 21:33:03 |
Qualys advisories on a Linux Kernel vulnerability (Important: CVE-2021-33909) and a Systemd vulnerability (CVE-2021-33910) security.sios.com/vulnerability/… | 2021-07-20 22:15:35 |
CVE-2021-33910: "This attack causes systemd, the services it manages, and the entire system to crash and stop respo… twitter.com/i/web/status/1… | 2021-07-20 22:26:06 |
CVE-2021-33910: a very critical privilege escalation vulnerability in all Linux distributions noticiasseguridad.com/vulnerabilidad… | 2021-07-20 22:29:44 |
Write up on the systemd DoS: blog.qualys.com/vulnerabilitie… twitter.com/encthenet/stat… | 2021-07-21 01:24:49 |
CVE-2021-33910: a very critical privilege escalation vulnerability in all Linux distributions noticiasseguridad.com/vulnerabilidad… | 2021-07-21 01:33:03 |
"While investigating 'CVE-2021-33909', they also discovered the 'systemd' denial-of-service vulnerability 'CVE-2021-33910' and disclosed it at the same time." | 2021-07-21 02:46:43 |
CVE-2021-33910: a very critical privilege escalation vulnerability in all Linux distributions noticiasseguridad.com/vulnerabilidad… | 2021-07-21 03:06:36 |
blog.qualys.com/vulnerabilitie…... plurk.com/p/oh219e | 2021-07-21 03:49:40 |
#CVE-2021-33910 #Privilege escalation vulnerability in all #Linux distributions noticiasseguridad.com/vulnerabilidad… | 2021-07-21 04:37:28 |
CVE-2021-33910: Denial of Service (Stack Exhaustion) in systemd (PID 1) \| Qualys Security Blog blog.qualys.com/vulnerabilitie… | 2021-07-21 05:52:42 |
Separately, Qualys also disclosed a stack exhaustion denial-of-service #vulnerability in systemd (CVE-2021-33910) t… twitter.com/i/web/status/1… | 2021-07-21 06:53:47 |
"Separately, Qualys also disclosed a stack exhaustion denial-of-service #vulnerability in systemd (CVE-2021-33910)… twitter.com/i/web/status/1… | 2021-07-21 06:57:37 |
blog.qualys.com/vulnerabilitie… | 2021-07-21 08:02:26 |
I know no IPS that has a protection/signature/rule for the vulnerability CVE-2021-33910. The vuln was published 0 d… twitter.com/i/web/status/1… | 2021-07-21 09:04:01 |
The vuln CVE-2021-33910 has a tweet created 0 days ago and retweeted 15 times. twitter.com/TheHackersNews… #Srmwnw7dtlmx2w | 2021-07-21 09:04:02 |
Denial of service in systemd: blog.qualys.com/vulnerabilitie… | 2021-07-21 11:54:59 |
CVE-2021-33910: a very critical privilege escalation vulnerability in all Linux distributions buff.ly/3iu78Tt | 2021-07-21 12:00:26 |
This does not look good :( blog.qualys.com/vulnerabilitie… | 2021-07-21 12:18:42 |
CVE-2021-33910: Denial of Service (Stack Exhaustion) in systemd (PID 1) \| Qualys Security Blog… twitter.com/i/web/status/1… | 2021-07-21 13:46:46 |
CVE-2021-33910: Denial of service (stack exhaustion) in systemd (PID 1) qualys.com/2021/07/20/cve… | 2021-07-21 15:33:35 |
Following #CVE-2021-33910, @pid_eins shall really learn about... StackOverflow. #systemd #initfreedom Enjoy Debian… twitter.com/i/web/status/1… | 2021-07-21 16:24:10 |
Nasty Linux Systemd Security Bug Revealed blog.qualys.com/vulnerabilitie… | 2021-07-21 19:00:24 |
CVE-2021-33910: a very critical privilege escalation vulnerability in all Linux distributions dlvr.it/S49QnN | 2021-07-21 19:22:36 |
New security updates rolling out for CVE-2021-33909 and CVE-2021-33910: - 34.20210626.3.2 -> stable (tomorrow) - 3… twitter.com/i/web/status/1… | 2021-07-21 19:24:23 |
CVE-2021-33910: A VERY CRITICAL PRIVILEGE ESCALATION VULNERABILITY IN ALL LINUX DISTRIBUTIONS lnkd.in/dpSXWTN | 2021-07-21 19:29:12 |
CVE-2021-33910: a very critical privilege escalation vulnerability in all Linux distributions noticiasseguridad.com/vulnerabilidad… | 2021-07-21 19:37:13 |
The vuln CVE-2021-33910 has a tweet created 0 days ago and retweeted 10 times. twitter.com/ciberconsejo/s… #pow1rtrtwwcve | 2021-07-21 21:06:00 |
The vuln CVE-2021-33910 has a tweet created 1 days ago and retweeted 11 times. twitter.com/0xdea/status/1… #pow1rtrtwwcve | 2021-07-22 07:06:01 |
Phew!!!!! CVE-2021-33910: a very critical privilege escalation vulnerability in all distributions… twitter.com/i/web/status/1… | 2021-07-22 07:18:52 |
#Vulnerability in #Systemd affects many #Linux distributions CVE-2021-33910 administrator.de/knowledge/schw… | 2021-07-22 11:01:34 |
#Vulnerability in #Systemd affects many #Linux distributions CVE-2021-33910 administrator.pro/knowledge/vuln… | 2021-07-22 11:09:59 |
@nixcraft It'll not be good if you don't patch your distros now CVE-2021-33910 CVE-2021-33909 | 2021-07-22 11:48:25 |
#Systemd, delivering you the best #CVEs in PID 1 since 2010. blog.qualys.com/vulnerabilitie… | 2021-07-22 12:15:43 |
I love the opening to qualys.com/2021/07/20/cve… - there's a kind of charming childlike wonder of security researchers… twitter.com/i/web/status/1… | 2021-07-22 16:12:37 |
RHSB-2021-006 Long path name in mountpoint flaws in the kernel and systemd (CVE-2021-33909, CVE-2021-33910) - Red Hat Customer Portal | 2021-07-20 17:43:14 |
CVE-2021-33910 | 2021-07-20 19:40:34 |
systemd (System D) | 2021-08-28 09:35:03 |
true | 2021-09-15 19:43:11 |
systemd (System D) | 2022-07-30 17:32:39 |