Main Vulnerability Database SB2021110420

SB2021110420 - SUSE update for systemd

Published: November 4, 2021

Security Bulletin ID SB2021110420

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Uncontrolled Memory Allocation (CVE-ID: CVE-2021-33910)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to stack exhaustion within the basic/unit-name.c in systemd. A local user can crash the systemd (PID 1) and cause a kernel panic.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2021/suse-su-20213611-1/

Vulnerable Software

SUSE Linux Enterprise Software Development Kit: 12-SP5
SUSE Linux Enterprise Server: 12-SP5
systemd-bash-completion: before 228-157.33.1
systemd-debuginfo-32bit: before 228-157.33.1
systemd-32bit: before 228-157.33.1
libudev1-debuginfo-32bit: before 228-157.33.1
libudev1-32bit: before 228-157.33.1
libsystemd0-debuginfo-32bit: before 228-157.33.1
libsystemd0-32bit: before 228-157.33.1
udev-debuginfo: before 228-157.33.1
udev: before 228-157.33.1
systemd-sysvinit: before 228-157.33.1
systemd: before 228-157.33.1
libudev1-debuginfo: before 228-157.33.1
libudev1: before 228-157.33.1
libsystemd0-debuginfo: before 228-157.33.1
libsystemd0: before 228-157.33.1
systemd-devel: before 228-157.33.1
systemd-debugsource: before 228-157.33.1
systemd-debuginfo: before 228-157.33.1
libudev-devel: before 228-157.33.1

SB2021110420 - SUSE update for systemd

Breakdown by Severity

Description

Remediation

References

Please verify you're human