CVE-2021-33910

Published on: 07/20/2021 12:00:00 AM UTC

Last Modified on: 06/14/2022 11:15:00 AM UTC

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Certain versions of Debian Linux from Debian contain the following vulnerability:

basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.

  • CVE-2021-33910 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.

CVSS3 Score: 5.5 - MEDIUM

Attack Vector | Attack Complexity | Privileges Required | User Interaction
LOCAL | LOW | LOW | NONE

Scope | Confidentiality Impact | Integrity Impact | Availability Impact
UNCHANGED | NONE | NONE | HIGH

CVSS2 Score: 4.9 - MEDIUM

Access Vector | Access Complexity | Authentication
LOCAL | LOW | NONE

Confidentiality Impact | Integrity Impact | Availability Impact
NONE | NONE | COMPLETE

CVE References

  • [CONFIRM] CVE-2021-33910 Systemd Vulnerability in NetApp Products | NetApp Product Security
    security.netapp.com/advisory/ntap-20211104-0008/
  • [MISC] Sequoia: A Deep Root In Linux's Filesystem Layer ≈ Packet Storm
    packetstormsecurity.com/files/163621/Sequoia-A-Deep-Root-In-Linuxs-Filesystem-Layer.html
  • [MISC] basic/unit-name: do not use strdupa() on a path · systemd/[email protected] · GitHub
    github.com/systemd/systemd-stable/commit/b00674347337b7531c92fdb65590ab253bb57538
  • [DEBIAN] Debian -- Security Information -- DSA-4942-1 systemd
    DSA-4942 (www.debian.org; deprecated link)
  • [MISC] basic/unit-name: do not use strdupa() on a path · systemd/[email protected] · GitHub
    github.com/systemd/systemd-stable/commit/cfd14c65374027b34dbbc4f0551456c5dc2d1f61
  • [MLIST] oss-security - Re: Pop!_OS Membership to linux-distros list
    [oss-security] 20210907 Re: Pop!_OS Membership to linux-distros list (www.openwall.com)
  • [MISC] basic/unit-name: do not use strdupa() on a path by keszybz · Pull Request #20256 · systemd/systemd · GitHub
    github.com/systemd/systemd/pull/20256/commits/441e0115646d54f080e5c3bb0ba477c892861ab9
  • [MISC] Releases · systemd/systemd · GitHub
    github.com/systemd/systemd/releases
  • [MISC] basic/unit-name: do not use strdupa() on a path · systemd/[email protected] · GitHub
    github.com/systemd/systemd-stable/commit/4a1c5f34bd3e1daed4490e9d97918e504d19733b
  • [MISC] Merge pull request #20256 from keszybz/one-alloca-too-many · systemd/[email protected] · GitHub
    github.com/systemd/systemd/commit/b34a4f0e6729de292cb3b0c03c1d48f246ad896b
  • [CONFIRM] cert-portal.siemens.com (application/pdf)
    cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf
  • [FEDORA] [SECURITY] Fedora 34 Update: systemd-248.5-1.fc34 - package-announce - Fedora Mailing-Lists
    FEDORA-2021-2a6ba64260 (lists.fedoraproject.org)
  • [MLIST] oss-security - Re: Pop!_OS Membership to linux-distros list
    [oss-security] 20210817 Re: Pop!_OS Membership to linux-distros list (www.openwall.com)
  • [FEDORA] No Description Provided
    FEDORA-2021-166e461c8d (lists.fedoraproject.org; inactive link, not archived)
  • [MLIST] oss-security - Re: Pop!_OS Membership to linux-distros list
    [oss-security] 20210804 Re: Pop!_OS Membership to linux-distros list (www.openwall.com)
  • [MISC] oss-security - CVE-2021-33910: Denial of service (stack exhaustion) in systemd (PID 1)
    www.openwall.com/lists/oss-security/2021/07/20/2
  • [GENTOO] systemd: Multiple vulnerabilities (GLSA 202107-48) — Gentoo security
    GLSA-202107-48 (security.gentoo.org)
  • [MISC] basic/unit-name: do not use strdupa() on a path · systemd/[email protected] · GitHub
    github.com/systemd/systemd-stable/commit/764b74113e36ac5219a4b82a05f311b5a92136ce

Related QID Numbers

  • 159309 Oracle Enterprise Linux Security Update for systemd (ELSA-2021-2717)
  • 178709 Debian Security Update for systemd (DSA 4942-1)
  • 178711 Debian Security Update for systemd (DLA 2715-1)
  • 179870 Debian Security Update for systemd (CVE-2021-33910)
  • 198434 Ubuntu Security Notification for systemd vulnerabilities (USN-5013-1)
  • 239496 Red Hat Update for systemd (RHSA-2021:2724)
  • 239499 Red Hat Update for systemd (RHSA-2021:2721)
  • 239503 Red Hat Update for systemd (RHSA-2021:2717)
  • 239520 Red Hat Update for OpenShift Container Platform 4.7.21 (RHSA-2021:2763)
  • 281733 Fedora Security Update for systemd (FEDORA-2021-2a6ba64260)
  • 281739 Fedora Security Update for systemd (FEDORA-2021-166e461c8d)
  • 375711 Linux systemd Denial of Service Vulnerability
  • 590976 Siemens SCALANCE LPE9403 Third-Party Multiple Vulnerabilities (ICSA-22-167-09) (SSA-222547)
  • 670729 EulerOS Security Update for systemd (EulerOS-SA-2021-2487)
  • 670821 EulerOS Security Update for systemd (EulerOS-SA-2021-2700)
  • 670837 EulerOS Security Update for systemd (EulerOS-SA-2021-2725)
  • 710021 Gentoo Linux systemd Multiple vulnerabilities (GLSA 202107-48)
  • 750843 SUSE Enterprise Linux Security Update for systemd (SUSE-SU-2021:2405-1)
  • 750845 OpenSUSE Security Update for the systemd (openSUSE-SU-2021:2404-1)
  • 750846 OpenSUSE Security Update for the systemd (openSUSE-SU-2021:2410-1)
  • 750865 SUSE Enterprise Linux Security Update for systemd (SUSE-SU-2021:2423-1)
  • 750892 OpenSUSE Security Update for systemd (openSUSE-SU-2021:1082-1)
  • 751002 OpenSUSE Security Update for systemd (openSUSE-SU-2021:2809-1)
  • 751220 OpenSUSE Security Update for systemd (openSUSE-SU-2021:3348-1)
  • 751244 OpenSUSE Security Update for systemd (openSUSE-SU-2021:1370-1)
  • 751324 SUSE Enterprise Linux Security Update for systemd (SUSE-SU-2021:3611-1)
  • 900239 CBL-Mariner Linux Security Update for systemd 239
  • 903616 Common Base Linux Mariner (CBL-Mariner) Security Update for systemd (4642)
  • 940289 AlmaLinux Security Update for systemd (ALSA-2021:2717)
  • 960011 Rocky Linux Security Update for systemd (RLSA-2021:2717)

Known Affected Configurations (CPE V2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Operating System | Debian | Debian Linux | 10.0 | All | All | All
Operating System | Fedoraproject | Fedora | 33 | All | All | All
Operating System | Fedoraproject | Fedora | 34 | All | All | All
Application | Freedesktop | Systemd | All | All | All | All
Application | Netapp | Hci Management Node | - | All | All | All
Application | Netapp | Solidfire | - | All | All | All
Application | Systemd Project | Systemd | All | All | All | All

  • cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*:
  • cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*:
  • cpe:2.3:a:freedesktop:systemd:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*:
  • cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*:
  • cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*:

Social Mentions

Source Title Posted (UTC)
Twitter @shah_sheikh CVE-2021-33910: Denial of Service (Stack Exhaustion) in systemd (PID 1): The Qualys Research Team has discovered a… twitter.com/i/web/status/1… 2021-07-20 12:59:37
Twitter @netsecu blog.qualys.com/vulnerabilitie… CVE-2021-33910: Denial of Service (Stack Exhaustion) in systemd (PID 1) | Qualys Security Blog #cybersecurity 2021-07-20 13:47:09
Twitter @slpnix "RHSB-2021-006 Long path name in mountpoint flaws in the kernel and systemd (CVE-2021-33909, CVE-2021-33910)" access.redhat.com/security/vulne… 2021-07-20 14:42:35
Twitter @laurentbercot ? And another one down, and another one down, another one bites the dust ? #systemd qualys.com/2021/07/20/cve… 2021-07-20 14:51:29
Twitter @qualys CVE-2021-33910: Denial of Service (Stack Exhaustion) in systemd (PID 1): Any unprivileged user can exploit this vul… twitter.com/i/web/status/1… 2021-07-20 15:12:10
Twitter @omokazuki The SIOS security blog has been updated. Advisory from Qualys on a Linux kernel vulnerability (Important: CVE-2021-33909) and a systemd vulnerability (CVE-2021-33910)… twitter.com/i/web/status/1… 2021-07-20 17:02:00
Twitter @Julian_Wampfler ah yes, another systemd vulnerability CVE-2021-33910: Denial of service (stack exhaustion) in systemd (PID 1) qualys.com/2021/07/20/cve… 2021-07-20 17:27:09
Twitter @pozdnychev Qualys Security Advisory: DoS (CVE-2021-33910) by stack exhaustion in systemd (PID 1), thanks to a user-controlled… twitter.com/i/web/status/1… 2021-07-20 17:33:56
Twitter @roarinpenguin CVE-2021-33910: don't wait... Saturday night with #systemd in the spot, don't believe just #patch! come on!… twitter.com/i/web/status/1… 2021-07-20 17:35:06
Twitter @w4yh The description of the mitigations is not reassuring // Advisory from Qualys on a Linux kernel vulnerability (Important: CVE-2021-33909) and a systemd vulnerability (CVE-2021-33910) -… twitter.com/i/web/status/1… 2021-07-20 17:53:41
Twitter @w4yh RHSB-2021-006 Long path name in mountpoint flaws in the kernel and systemd (CVE-2021-33909, CVE-2021-33910) - Red H… twitter.com/i/web/status/1… 2021-07-20 17:56:31
Twitter @Knoblauchkeks CVE-2021-33910, is that the future everyone always says I should embrace? alloca() deserves to be forbidden anyway… twitter.com/i/web/status/1… 2021-07-20 18:07:55
Twitter @ubernauten After an initial review, we are not vulnerable to CVE-2021-33909 and CVE-2021-33910 because we do not have FUSE:… twitter.com/i/web/status/1… 2021-07-20 18:42:09
Twitter @null_usernames CVE-2021-33910, a new Linux vulnerability that works on all Linux distributions. Any non-root user can, by… twitter.com/i/web/status/1… 2021-07-20 18:53:56
Twitter @CVEreport CVE-2021-33910 : basic/unit-name.c in systemd 220 through 248 has a Memory Allocation with an Excessive Size Value… twitter.com/i/web/status/1… 2021-07-20 19:04:30
Twitter @sergeybratus So a parser bug in systemd will crash Linux blog.qualys.com/vulnerabilitie… . Classic insecurity pattern: put ad hoc parser… twitter.com/i/web/status/1… 2021-07-20 19:12:47
Twitter @LordKarma42 CVE-2021-33910: Denial of Service (Stack Exhaustion) in systemd (PID 1) | Qualys Security Blog blog.qualys.com/vulnerabilitie… 2021-07-20 19:43:01
Twitter @Webimprints #Cibersegruidad #infosec #seguridad #security CVE-2021-33910: a very critical privilege escalation… twitter.com/i/web/status/1… 2021-07-20 21:31:31
Twitter @AcooEdi CVE-2021-33910: a very critical privilege escalation vulnerability in all Linux distributions… twitter.com/i/web/status/1… 2021-07-20 21:33:03
Twitter @matsuu_zatsu Advisory from Qualys on a Linux kernel vulnerability (Important: CVE-2021-33909) and a systemd vulnerability (CVE-2021-33910) security.sios.com/vulnerability/… 2021-07-20 22:15:35
Twitter @PCTuning_OW CVE-2021-33910: "This attack causes systemd, the services it manages, and the entire system to crash and stop respo… twitter.com/i/web/status/1… 2021-07-20 22:26:06
Twitter @torsity_intel CVE-2021-33910: a very critical privilege escalation vulnerability in all Linux distributions noticiasseguridad.com/vulnerabilidad… 2021-07-20 22:29:44
Twitter @encthenet Write up on the systemd DoS: blog.qualys.com/vulnerabilitie… twitter.com/encthenet/stat… 2021-07-21 01:24:49
Twitter @LavandeiraSyst CVE-2021-33910: a very critical privilege escalation vulnerability in all Linux distributions noticiasseguridad.com/vulnerabilidad… 2021-07-21 01:33:03
Twitter @ohhara_shiojiri "In the course of investigating 'CVE-2021-33909', they also discovered the denial-of-service vulnerability 'CVE-2021-33910' in 'systemd' and disclosed it at the same time." 2021-07-21 02:46:43
Twitter @ConceptoNET CVE-2021-33910: a very critical privilege escalation vulnerability in all Linux distributions noticiasseguridad.com/vulnerabilidad… 2021-07-21 03:06:36
Twitter @zakame blog.qualys.com/vulnerabilitie…... plurk.com/p/oh219e 2021-07-21 03:49:40
Twitter @rkx73 #CVE-2021-33910 Privilege escalation vulnerability in all #Linux distributions noticiasseguridad.com/vulnerabilidad… 2021-07-21 04:37:28
Twitter @LordKarma42 CVE-2021-33910: Denial of Service (Stack Exhaustion) in systemd (PID 1) | Qualys Security Blog blog.qualys.com/vulnerabilitie… 2021-07-21 05:52:42
Twitter @TheHackersNews Separately, Qualys also disclosed a stack exhaustion denial-of-service #vulnerability in systemd (CVE-2021-33910) t… twitter.com/i/web/status/1… 2021-07-21 06:53:47
Twitter @trip_elix "Separately, Qualys also disclosed a stack exhaustion denial-of-service #vulnerability in systemd (CVE-2021-33910)… twitter.com/i/web/status/1… 2021-07-21 06:57:37
Twitter @Kevitivity blog.qualys.com/vulnerabilitie… 2021-07-21 08:02:26
Twitter @ipssignatures I know no IPS that has a protection/signature/rule for the vulnerability CVE-2021-33910. The vuln was published 0 d… twitter.com/i/web/status/1… 2021-07-21 09:04:01
Twitter @ipssignatures The vuln CVE-2021-33910 has a tweet created 0 days ago and retweeted 15 times. twitter.com/TheHackersNews… #Srmwnw7dtlmx2w 2021-07-21 09:04:02
Twitter @rshift Denial of service in systemd: blog.qualys.com/vulnerabilitie… 2021-07-21 11:54:59
Twitter @ASI_Auditores CVE-2021-33910: a very critical privilege escalation vulnerability in all Linux distributions buff.ly/3iu78Tt 2021-07-21 12:00:26
Twitter @caseybecking This does not look good :( blog.qualys.com/vulnerabilitie… 2021-07-21 12:18:42
Twitter @hunleyd CVE-2021-33910: Denial of Service (Stack Exhaustion) in systemd (PID 1) | Qualys Security Blog… twitter.com/i/web/status/1… 2021-07-21 13:46:46
Twitter @jedisct1 CVE-2021-33910: Denial of service (stack exhaustion) in systemd (PID 1) qualys.com/2021/07/20/cve… 2021-07-21 15:33:35
Twitter @leconnarddufond Following #CVE-2021-33910, @pid_eins shall really learn about... StackOverflow. #systemd #initfreedom Enjoy Debian… twitter.com/i/web/status/1… 2021-07-21 16:24:10
Twitter @watrcoolr Nasty Linux Systemd Security Bug Revealed blog.qualys.com/vulnerabilitie… 2021-07-21 19:00:24
Twitter @iHackeo CVE-2021-33910: a very critical privilege escalation vulnerability in all Linux distributions dlvr.it/S49QnN 2021-07-21 19:22:36
Twitter @FedoraCoreOS New security updates rolling out for CVE-2021-33909 and CVE-2021-33910: - 34.20210626.3.2 -> stable (tomorrow) - 3… twitter.com/i/web/status/1… 2021-07-21 19:24:23
Twitter @garcesvarela CVE-2021-33910: A VERY CRITICAL PRIVILEGE ESCALATION VULNERABILITY IN ALL LINUX DISTRIBUTIONS lnkd.in/dpSXWTN 2021-07-21 19:29:12
Twitter @zoro_vega CVE-2021-33910: a very critical privilege escalation vulnerability in all Linux distributions noticiasseguridad.com/vulnerabilidad… 2021-07-21 19:37:13
Twitter @ipssignatures The vuln CVE-2021-33910 has a tweet created 0 days ago and retweeted 10 times. twitter.com/ciberconsejo/s… #pow1rtrtwwcve 2021-07-21 21:06:00
Twitter @ipssignatures The vuln CVE-2021-33910 has a tweet created 1 days ago and retweeted 11 times. twitter.com/0xdea/status/1… #pow1rtrtwwcve 2021-07-22 07:06:01
Twitter @tecnoideas20 BUFF!!!!! CVE-2021-33910: a very critical privilege escalation vulnerability in all distributions… twitter.com/i/web/status/1… 2021-07-22 07:18:52
Twitter @admonaut #Vulnerability in #Systemd affects many #Linux distributions CVE-2021-33910 administrator.de/knowledge/schw… 2021-07-22 11:01:34
Twitter @admonaut #Vulnerability in #Systemd affects many #Linux distributions CVE-2021-33910 administrator.pro/knowledge/vuln… 2021-07-22 11:09:59
Twitter @masedinet @nixcraft It'll not good, if you don't patch your distros now CVE-2021-33910 CVE-2021-33909 2021-07-22 11:48:25
Twitter @UncannyStatic #Systemd, delivering you the best #CVEs in PID 1 since 2010. blog.qualys.com/vulnerabilitie… 2021-07-22 12:15:43
Twitter @judsonlester I love the opening to qualys.com/2021/07/20/cve… - there's a kind of charming childlike wonder of security researchers… twitter.com/i/web/status/1… 2021-07-22 16:12:37
Reddit /r/devopsish RHSB-2021-006 Long path name in mountpoint flaws in the kernel and systemd (CVE-2021-33909, CVE-2021-33910) - Red Hat Customer Portal 2021-07-20 17:43:14
Reddit /r/netcve CVE-2021-33910 2021-07-20 19:40:34
Reddit /r/copypasta systemdシステムディ 2021-08-28 09:35:03
Reddit /r/BigOSsucks true 2021-09-15 19:43:11
Reddit /r/LinuxCirclejerk systemdシステムディ 2022-07-30 17:32:39