A new vulnerability in the Systemd component risks Linux systems as it allows an adversary to cause denial of service. Since the patch is available, users must ensure updating it at the earliest given the serious nature of the flaw.
Systemd Denial-Of-Service Vulnerability
Researchers from Qualys have discovered a new security bug in the Linux Systemd component. As elaborated in their post, exploiting this vulnerability allows an adversary to cause denial of service on target Linux systems.
Systemd is an important Linux software suite that serves as a service manager providing an array of system components.
Specifically, the vulnerability appeared in Systemd with April 2015 commit.
This vulnerability was introduced in systemd v220 (April 2015) by commit 7410616c (“core: rework unit name validation and manipulation logic”), which replaced a strdup() in the heap with a strdupa() on the stack.
Explaining the matter, the post states,
At line 386, unit_name_path_escape() passes the mountpoint path to strdupa(), which is similar to strdup() but allocates memory on the stack (via alloca()), not in the heap (via malloc()).
As a result, if the total path length of this mountpoint exceeds 8MB (the default RLIMIT_STACK), then systemd crashes with a segmentation fault that also crashes the entire operating system (a kernel panic, because systemd is the “global init”, PID 1).
The researchers have shared the PoC exploit with a detailed technical analysis of the bug in a separate advisory.
After discovering this flaw CVE-2021-33910, the researchers reached out to the Red Hat security team to report it together with a related vulnerability CVE-2021-33909.
Consequently, the Red Hat team fixed the bugs and released the patches.
Currently, no mitigations exist for the flaws. Whereas, all system releases from April 2015 are vulnerable.
Therefore, the researchers urge every user to deploy the patches at the earliest given the severity of the flaw.
Let us know your thoughts in the comments.