Bug 2024639 (CVE-2021-3997) - CVE-2021-3997 systemd: Uncontrolled recursion in systemd-tmpfiles when removing files
Summary: CVE-2021-3997 systemd: Uncontrolled recursion in systemd-tmpfiles when removi...
Keywords:
Status: NEW
Alias: CVE-2021-3997
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2032290 2032291 2039383
Blocks: 2024641
TreeView+ depends on / blocked
 
Reported: 2021-11-18 14:55 UTC by Pedro Sampaio
Modified: 2023-12-01 00:16 UTC (History)
33 users (show)

Fixed In Version: systemd 249.8, systemd 250.2
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description Pedro Sampaio 2021-11-18 14:55:35 UTC 
A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to denial of service at boot time.
Comment 19 Mauro Matteo Cascella 2022-01-10 20:19:36 UTC 
Upstream commit:
https://github.com/systemd/systemd/commit/5b1cf7a9be37e20133c0208005274ce4a5b5c6a1
Comment 20 Mauro Matteo Cascella 2022-01-11 09:54:35 UTC 
oss-security announcement by Qualys: https://www.openwall.com/lists/oss-security/2022/01/10/2.
Comment 21 Mauro Matteo Cascella 2022-01-11 16:12:18 UTC 
Created systemd tracking bugs for this issue:

Affects: fedora-all [bug 2039383]
Note You need to log in before you can comment on or make changes to this bug.