QID 375711

Date Published: 2021-07-20

QID 375711: Linux systemd Denial of Service Vulnerability

systemd is a software suite that is included in most Linux-based OSes. It provides an array of system components for Linux operating systems. It provides a system and service manager that runs as PID 1 and starts the rest of the system.

The Qualys Research Team has discovered a stack exhaustion denial-of-service vulnerability in systemd, a near-ubiquitous utility available on major Linux operating systems.

This vulnerability was introduced in systemd v220 (April 2015) by commit 7410616c ("core: rework unit name validation and manipulation logic"), which replaced a strdup() in the heap with a strdupa() on the stack.

Successful exploitation of this vulnerability allows any unprivileged user to cause denial of service via kernel panic.

CVSS V3 rated as Medium - 5.5 severity.

CVSS V2 rated as Medium - 4.9 severity.

Solution

Upgrade to the latest packages which contain a patch.

Vendor References

SYSTEMD - github.com/systemd/systemd

CVEs related to QID 375711

CVE-2021-33910 |

Software Advisories

Advisory ID	Software	Component	Link
SYSTEMD			github.com/systemd/systemd

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].