Memory Allocation Vulnerability in systemd Affects Linux Operating Systems
CVE-2021-33910

5.5MEDIUM

Key Information:

Vendor

Systemd Project

Status
Systemd
Vendor
CVE Published:
20 July 2021

What is CVE-2021-33910?

A vulnerability in systemd prior to specific versions allows local attackers to exploit memory allocation functions, particularly strdupa and alloca, with excessively large values. This may lead to an uncontrolled memory allocation that results in operating system crashes, compromising the stability of the affected Linux distributions.

References

https://github.com/systemd/systemd/pull/20256/commits/441...
x_refsource_MISC
https://www.openwall.com/lists/oss-security/2021/07/20/2
x_refsource_MISC
https://security.gentoo.org/glsa/202107-48
vendor-advisoryx_refsource_GENTOO

EPSS Score

8% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.