CVE-2021-33910: Medium severity IBM Cloud Pak for Security vulnerability

Published Jun 11, 2021

A flaw was found in systemd. An attacker-controlled alloca() in the function unit_name_path_escape() leads to a crash in systemd and ultimately a kernel panic. Systemd parses the content of /proc/self/mountinfo, and each mountpoint is passed to mount_setup_unit(), which calls unit_name_path_escape() underneath to duplicate the string through alloca(). A local attacker who is able to mount a filesystem on a very long path can crash systemd and the whole system.

Upstream PR: https://github.com/systemd/systemd/pull/20256

Upstream commit: https://github.com/systemd/systemd/pull/20256/commits/441e0115646d54f080e5c3bb0ba477c892861ab9
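The allocation pattern described above, as an added example that is not systemd's code or the upstream patch: a hypothetical helper dup_mount_point() takes one /proc/self/mountinfo line, extracts the mount point, and copies it with a length check and a heap allocation instead of strdupa()/alloca(). The MAX_MOUNT_PATH bound and both function names are assumptions made for this example.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Assumed policy bound for this example; not a constant taken from systemd. */
#define MAX_MOUNT_PATH 4096

/* Locate the mount point (5th space-separated field) in one line of
 * /proc/self/mountinfo. Spaces inside paths appear there as \040, so
 * splitting on ' ' is safe. Returns NULL if the line is malformed. */
static const char *mount_point_field(const char *line, size_t *len) {
    for (int field = 1; field < 5; field++) {
        line = strchr(line, ' ');
        if (!line)
            return NULL;
        line++;
    }
    *len = strcspn(line, " \n");
    return *len > 0 ? line : NULL;
}

/* Risky pattern described in the advisory, shown only as a comment:
 *     char *copy = strdupa(path);   // alloca(strlen(path) + 1)
 * The size comes from the mount path, there is no upper bound, and alloca()
 * has no failure return: an oversized request faults instead of erroring.
 *
 * Hardened form (hypothetical helper): bound the length first, then copy to
 * the heap, where exhaustion is reported as an error the caller can handle. */
int dup_mount_point(const char *line, char **ret) {
    size_t len;
    const char *mp = mount_point_field(line, &len);

    if (!mp)
        return -EINVAL;
    if (len >= MAX_MOUNT_PATH)
        return -ENAMETOOLONG;

    char *copy = malloc(len + 1);
    if (!copy)
        return -ENOMEM;
    memcpy(copy, mp, len);
    copy[len] = '\0';
    *ret = copy;
    return 0;
}
```

The caller owns the returned string and must free() it; an overlong mount point is rejected with -ENAMETOOLONG before any allocation happens.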

Other sources

A flaw was found in systemd. The use of the alloca function with an uncontrolled size in the function unit_name_path_escape allows a local attacker, able to mount a filesystem on a very long path, to crash systemd and the whole system by allocating a very large space in the stack. The highest threat from this vulnerability is to the system availability.

basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.

Systemd is vulnerable to a denial of service, caused by a memory allocation with an excessive size value in basic/unit-name.c. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause the system to crash.

IBM

Affected Software

18 affected components (fixes available)
redhat/systemd<0:239-45.el8_4.2
0:239-45.el8_4.2
redhat/systemd<0:239-18.el8_1.8
0:239-18.el8_1.8
redhat/systemd<0:239-31.el8_2.4
0:239-31.el8_2.4
redhat/redhat-virtualization-host<0:4.4.7-20210715.1.el8_4
0:4.4.7-20210715.1.el8_4
debian/systemd
241-7~deb10u8, 241-7~deb10u10, 247.3-7+deb11u4, 252.17-1~deb12u1, 254.5-1
redhat/systemd<249
249
IBM Cloud Pak for Security (CP4S)<=1.7.2.0
IBM Cloud Pak for Security (CP4S)<=1.7.1.0
IBM Cloud Pak for Security (CP4S)<=1.7.0.0
Systemd Project Systemd<246.15
Systemd Project Systemd>=247<247.8
Systemd Project Systemd>=248<248.5
Systemd Project Systemd>=249<249.1
Fedoraproject Fedora=33
Fedoraproject Fedora=34
Debian Debian Linux=10.0
NetApp Hci Management Node
NetApp Solidfire

Event History

Jul 20, 2021
12:00 PM: CVE Published
06:13 PM: CVE Published (via MITRE)
06:13 PM: Data Sourced (via MITRE): Description
07:15 PM: Data Sourced (via NVD): Remedy, Description, Severity, Weakness, Affected Software

Frequently Asked Questions

1. What is CVE-2021-33910?

CVE-2021-33910 is a vulnerability found in systemd that allows a local attacker to crash the system by allocating a large amount of space in the stack.

2. What is the severity of CVE-2021-33910?

The severity of CVE-2021-33910 is high with a CVSS score of 6.2.

3. How does CVE-2021-33910 affect systemd?

CVE-2021-33910 affects systemd by exploiting the use of the alloca function with an uncontrolled size in the unit_name_path_escape function, leading to a stack-based buffer overflow.

4. How can I fix CVE-2021-33910?

To fix CVE-2021-33910, update systemd to version 249 or higher.

5. Where can I find more information about CVE-2021-33910?

You can find more information about CVE-2021-33910 in the official GitHub repository of systemd.
