Bug 14056 - CVE-2021-33910 [SYSTEMD] Memory Allocation with an Excessive Size Value that results in an operating system crash.
Summary: CVE-2021-33910 [SYSTEMD] Memory Allocation with an Excessive Size Value that ...
Status: RESOLVED MOVED
Alias: None
Product: buildroot
Classification: Unclassified
Component: Other (show other bugs)
Version: unspecified
Hardware: All Linux
: P5 critical
Target Milestone: ---
Assignee: unassigned
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-07-31 02:35 UTC by Francis Hu
Modified: 2024-06-15 14:59 UTC (History)
2 users (show)

See Also:
Host:
Target:
Build:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Francis Hu 2021-07-31 02:35:50 UTC 
Hi:
There is an systemd issue reported by NVD in https://nvd.nist.gov/vuln/detail/CVE-2021-33910.
The hyper link is shown below.
https://github.com/systemd/systemd-stable/commit/4a1c5f34bd3e1daed4490e9d97918e504d19733b

The issue description:
basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.
Comment 1 Fabrice Fontaine 2021-08-06 17:11:31 UTC 
systemd has been bumped to version 249.1 since July 20 and https://git.buildroot.net/buildroot/commit/?id=fbd9566220f2812baeff5dbd727bfc30fe4e93ea so master is not affected by this CVE. 

However, LTS branches are still using version 247.3, they should be bumped to 247.9.
Comment 2 Yann E. MORIN 2024-06-15 14:59:26 UTC 
Thank you for your report.

The issue tracker for the Buildroot project has been moved to
the Gitlab.com issue tracker:
    https://gitlab.com/buildroot.org/buildroot/-/issues

We are taking this opportunity to close old issues in this old
tracker. If you believe your issue is still relevant, please
open one in the new issue tracker.

Thank you!