製品・ソフトウェアに関する情報

JVN脆弱性詳細

systemd における制限またはスロットリング無しのリソースの割り当てに関する脆弱性

Title	systemd における制限またはスロットリング無しのリソースの割り当てに関する脆弱性
Summary	systemd には、制限またはスロットリング無しのリソースの割り当てに関する脆弱性が存在します。
Possible impacts	サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	July 20, 2021, midnight
Registration Date	Sept. 8, 2022, 3:04 p.m.
Last Update	Sept. 19, 2025, 5:24 p.m.

CVSS3.0 : 警告
Score	5.5
Vector	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS2.0 : 警告
Score	4.9
Vector	AV:L/AC:L/Au:N/C:N/I:N/A:C

Affected System

Debian

Debian GNU/Linux

Fedora Project

Fedora

NetApp

NetApp HCI Management Node

NetApp SolidFire

systemd project

systemd 246.15 未満

systemd 247.8 未満

systemd 248.5 未満

systemd 249.1 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2021-33910	https://www.cve.org/CVERecord?id=CVE-2021-33910
National Vulnerability Database (NVD)
2	CVE-2021-33910	https://nvd.nist.gov/vuln/detail/CVE-2021-33910

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-770	https://cwe.mitre.org/data/definitions/770.html

ベンダー情報

No	Name	URL
Debian Security Advisory
1	DSA-4942-1	https://www.debian.org/security/2021/dsa-4942
Fedora Update Notification
2	FEDORA-2021-166e461c8d	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/
3	FEDORA-2021-2a6ba64260	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2LSDMHAKI4LGFOCSPXNVVSEWQFAVFWR7/
GitHub
4	basic/unit-name: do not use strdupa() on a path #20256	https://github.com/systemd/systemd/pull/20256/commits/441e0115646d54f080e5c3bb0ba477c892861ab9
5	basic/unit-name: do not use strdupa() on a path (commit 4a1c5f34bd3e1daed4490e9d97918e504d19733b)	https://github.com/systemd/systemd-stable/commit/4a1c5f34bd3e1daed4490e9d97918e504d19733b
6	basic/unit-name: do not use strdupa() on a path (commit 764b74113e36ac5219a4b82a05f311b5a92136ce)	https://github.com/systemd/systemd-stable/commit/764b74113e36ac5219a4b82a05f311b5a92136ce
7	basic/unit-name: do not use strdupa() on a path (commit b00674347337b7531c92fdb65590ab253bb57538)	https://github.com/systemd/systemd-stable/commit/b00674347337b7531c92fdb65590ab253bb57538
8	basic/unit-name: do not use strdupa() on a path (commit cfd14c65374027b34dbbc4f0551456c5dc2d1f61)	https://github.com/systemd/systemd-stable/commit/cfd14c65374027b34dbbc4f0551456c5dc2d1f61
9	Merge pull request #20256 from keszybz/one-alloca-too-many	https://github.com/systemd/systemd/commit/b34a4f0e6729de292cb3b0c03c1d48f246ad896b
NetApp Advisory
10	NTAP-20211104-0008	https://security.netapp.com/advisory/ntap-20211104-0008/

その他

No	Name	URL
JVN
1	JVNVU#99030761	https://jvn.jp/vu/JVNVU99030761/index.html
関連文書
2	Re: Pop!_OS Membership to linux-distros list (2021/08/04/2)	https://www.openwall.com/lists/oss-security/2021/08/04/2
3	Re: Pop!_OS Membership to linux-distros list (2021/08/17/3)	https://www.openwall.com/lists/oss-security/2021/08/17/3
4	Re: Pop!_OS Membership to linux-distros list (2021/09/07/3)	https://www.openwall.com/lists/oss-security/2021/09/07/3

Change Log

No	Changed Details	Date of change
1	[2022年09月08日] 掲載	Sept. 8, 2022, 3:04 p.m.
2	[2025年09月19日] 参考情報：JVN (JVNVU#99030761) を追加	Sept. 19, 2025, 4:41 p.m.

NVD Vulnerability Information

CVE-2021-33910

Summary	basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.
Publication Date	July 21, 2021, 4:15 a.m.
Registration Date	July 21, 2021, 10 a.m.
Last Update	Nov. 21, 2024, 3:09 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:systemd_project:systemd::::::::	247			247.8
cpe:2.3:a:systemd_project:systemd::::::::				246.15
cpe:2.3:a:systemd_project:systemd::::::::	248			248.5
cpe:2.3:a:systemd_project:systemd::::::::	249			249.1

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:fedoraproject:fedora:33:::::::*
cpe:2.3:o:fedoraproject:fedora:34:::::::*

Configuration3		or higher	or less	more than	less than
cpe:2.3:o:debian:debian_linux:10.0:::::::*

Configuration4	or higher	or less	more than	less than
cpe:2.3:a:netapp:solidfire:-:::::::*
cpe:2.3:a:netapp:hci_management_node:-:::::::*

Related information, measures and tools

No	URL	タグ
1	http://packetstormsecurity.com/files/163621/Sequoia-A-Deep-Root-In-Linuxs-Filesystem-Layer.html	Exploit Third Party Advisory VDB Entry
2	http://packetstormsecurity.com/files/163621/Sequoia-A-Deep-Root-In-Linuxs-Filesystem-Layer.html	Exploit Third Party Advisory VDB Entry
3	http://www.openwall.com/lists/oss-security/2021/08/04/2	Mailing List Patch Third Party Advisory
4	http://www.openwall.com/lists/oss-security/2021/08/04/2	Mailing List Patch Third Party Advisory
5	http://www.openwall.com/lists/oss-security/2021/08/17/3	Mailing List Patch Third Party Advisory
6	http://www.openwall.com/lists/oss-security/2021/08/17/3	Mailing List Patch Third Party Advisory
7	http://www.openwall.com/lists/oss-security/2021/09/07/3	Mailing List Patch Third Party Advisory
8	http://www.openwall.com/lists/oss-security/2021/09/07/3	Mailing List Patch Third Party Advisory
9	https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf
10	https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf
11	https://github.com/systemd/systemd/commit/b34a4f0e6729de292cb3b0c03c1d48f246ad896b	Patch Third Party Advisory
12	https://github.com/systemd/systemd/commit/b34a4f0e6729de292cb3b0c03c1d48f246ad896b	Patch Third Party Advisory
13	https://github.com/systemd/systemd/pull/20256/commits/441e0115646d54f080e5c3bb0ba477c892861ab9	Patch Third Party Advisory
14	https://github.com/systemd/systemd/pull/20256/commits/441e0115646d54f080e5c3bb0ba477c892861ab9	Patch Third Party Advisory
15	https://github.com/systemd/systemd-stable/commit/4a1c5f34bd3e1daed4490e9d97918e504d19733b	Patch Third Party Advisory
16	https://github.com/systemd/systemd-stable/commit/4a1c5f34bd3e1daed4490e9d97918e504d19733b	Patch Third Party Advisory
17	https://github.com/systemd/systemd-stable/commit/764b74113e36ac5219a4b82a05f311b5a92136ce	Patch Third Party Advisory
18	https://github.com/systemd/systemd-stable/commit/764b74113e36ac5219a4b82a05f311b5a92136ce	Patch Third Party Advisory
19	https://github.com/systemd/systemd-stable/commit/b00674347337b7531c92fdb65590ab253bb57538	Patch Third Party Advisory
20	https://github.com/systemd/systemd-stable/commit/b00674347337b7531c92fdb65590ab253bb57538	Patch Third Party Advisory
21	https://github.com/systemd/systemd-stable/commit/cfd14c65374027b34dbbc4f0551456c5dc2d1f61	Patch Third Party Advisory
22	https://github.com/systemd/systemd-stable/commit/cfd14c65374027b34dbbc4f0551456c5dc2d1f61	Patch Third Party Advisory
23	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2LSDMHAKI4LGFOCSPXNVVSEWQFAVFWR7/
24	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2LSDMHAKI4LGFOCSPXNVVSEWQFAVFWR7/
25	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/
26	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/
27	https://security.gentoo.org/glsa/202107-48	Third Party Advisory
28	https://security.gentoo.org/glsa/202107-48	Third Party Advisory
29	https://security.netapp.com/advisory/ntap-20211104-0008/	Third Party Advisory
30	https://security.netapp.com/advisory/ntap-20211104-0008/	Third Party Advisory
31	https://www.debian.org/security/2021/dsa-4942	Third Party Advisory
32	https://www.debian.org/security/2021/dsa-4942	Third Party Advisory
33	https://www.openwall.com/lists/oss-security/2021/07/20/2	Exploit Mailing List Third Party Advisory
34	https://www.openwall.com/lists/oss-security/2021/07/20/2	Exploit Mailing List Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-770	制限またはスロットリング無しのリソースの割り当て	https://cwe.mitre.org/data/definitions/770.html