{ "threat_severity" : "Important", "public_date" : "2021-07-20T12:00:00Z", "bugzilla" : { "description" : "systemd: uncontrolled allocation on the stack in function unit_name_path_escape leads to crash", "id" : "1970887", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1970887" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-400", "details" : [ "basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.", "A flaw was found in systemd. The use of alloca function with an uncontrolled size in function unit_name_path_escape allows a local attacker, able to mount a filesystem on a very long path, to crash systemd and the whole system by allocating a very large space in the stack. The highest threat from this vulnerability is to the system availability." ], "statement" : "This issue did not affect the versions of systemd as shipped with Red Hat Enterprise Linux 7 as they did not use strdupa to duplicate strings in unit_name_path_escape function, but strdup, which allocates space on the heap.\nFurther, any Red Hat product which is supported on the Red Hat Enterprise Linux platform is also potentially impacted. This includes:\n* Product containers which are based on the RHEL or UBI container images. These images are updated regularly, and container health indicating whether a fix to this flaw is available can be seen in the Container Health Index, part of the Red Hat Container Catalog (https://access.redhat.com/containers). In addition, any customer containers should be manually rebuilt when the base images are updated.\n* Products which pull packages from the RHEL channel. Please ensure that the underlying Red Hat Enterprise Linux systemd package is current in these product environments.", "acknowledgement" : "Red Hat would like to thank Qualys Research Team for reporting this issue.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHSA-2021:2717", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "systemd-0:239-45.el8_4.2" }, { "product_name" : "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date" : "2021-07-20T00:00:00Z", "advisory" : "RHSA-2021:2724", "cpe" : "cpe:/o:redhat:rhel_eus:8.1", "package" : "systemd-0:239-18.el8_1.8" }, { "product_name" : "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date" : "2021-07-20T00:00:00Z", "advisory" : "RHSA-2021:2721", "cpe" : "cpe:/o:redhat:rhel_eus:8.2", "package" : "systemd-0:239-31.el8_2.4" }, { "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "release_date" : "2021-07-22T00:00:00Z", "advisory" : "RHSA-2021:2736", "cpe" : "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "package" : "redhat-virtualization-host-0:4.4.7-20210715.1.el8_4" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "systemd", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "systemd", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-33910\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-33910\nhttps://www.qualys.com/2021/07/20/cve-2021-33910/denial-of-service-systemd.txt" ], "csaw" : true, "name" : "CVE-2021-33910", "mitigation" : { "value" : "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.", "lang" : "en:us" } }