製品・ソフトウェアに関する情報

JVN脆弱性詳細

systemd における制限またはスロットリング無しのリソースの割り当てに関する脆弱性

タイトル	systemd における制限またはスロットリング無しのリソースの割り当てに関する脆弱性
概要	systemd には、制限またはスロットリング無しのリソースの割り当てに関する脆弱性が存在します。
想定される影響	サービス運用妨害 (DoS) 状態にされる可能性があります。
対策	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
公表日	2021年7月20日0:00
登録日	2022年9月8日15:04
最終更新日	2025年9月19日17:24

CVSS3.0 : 警告
スコア	5.5
ベクター	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS2.0 : 警告
スコア	4.9
ベクター	AV:L/AC:L/Au:N/C:N/I:N/A:C

影響を受けるシステム

Debian

Debian GNU/Linux

Fedora Project

Fedora

NetApp

NetApp HCI Management Node

NetApp SolidFire

systemd project

systemd 246.15 未満

systemd 247.8 未満

systemd 248.5 未満

systemd 249.1 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	名前	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2021-33910	https://www.cve.org/CVERecord?id=CVE-2021-33910
National Vulnerability Database (NVD)
2	CVE-2021-33910	https://nvd.nist.gov/vuln/detail/CVE-2021-33910

CWE (共通脆弱性タイプ一覧)

No	名前	URL
JVNDB
1	CWE-770	https://cwe.mitre.org/data/definitions/770.html

ベンダー情報

No	名前	URL
Debian Security Advisory
1	DSA-4942-1	https://www.debian.org/security/2021/dsa-4942
Fedora Update Notification
2	FEDORA-2021-166e461c8d	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/
3	FEDORA-2021-2a6ba64260	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2LSDMHAKI4LGFOCSPXNVVSEWQFAVFWR7/
GitHub
4	basic/unit-name: do not use strdupa() on a path #20256	https://github.com/systemd/systemd/pull/20256/commits/441e0115646d54f080e5c3bb0ba477c892861ab9
5	basic/unit-name: do not use strdupa() on a path (commit 4a1c5f34bd3e1daed4490e9d97918e504d19733b)	https://github.com/systemd/systemd-stable/commit/4a1c5f34bd3e1daed4490e9d97918e504d19733b
6	basic/unit-name: do not use strdupa() on a path (commit 764b74113e36ac5219a4b82a05f311b5a92136ce)	https://github.com/systemd/systemd-stable/commit/764b74113e36ac5219a4b82a05f311b5a92136ce
7	basic/unit-name: do not use strdupa() on a path (commit b00674347337b7531c92fdb65590ab253bb57538)	https://github.com/systemd/systemd-stable/commit/b00674347337b7531c92fdb65590ab253bb57538
8	basic/unit-name: do not use strdupa() on a path (commit cfd14c65374027b34dbbc4f0551456c5dc2d1f61)	https://github.com/systemd/systemd-stable/commit/cfd14c65374027b34dbbc4f0551456c5dc2d1f61
9	Merge pull request #20256 from keszybz/one-alloca-too-many	https://github.com/systemd/systemd/commit/b34a4f0e6729de292cb3b0c03c1d48f246ad896b
NetApp Advisory
10	NTAP-20211104-0008	https://security.netapp.com/advisory/ntap-20211104-0008/

その他

No	名前	URL
JVN
1	JVNVU#99030761	https://jvn.jp/vu/JVNVU99030761/index.html
関連文書
2	Re: Pop!_OS Membership to linux-distros list (2021/08/04/2)	https://www.openwall.com/lists/oss-security/2021/08/04/2
3	Re: Pop!_OS Membership to linux-distros list (2021/08/17/3)	https://www.openwall.com/lists/oss-security/2021/08/17/3
4	Re: Pop!_OS Membership to linux-distros list (2021/09/07/3)	https://www.openwall.com/lists/oss-security/2021/09/07/3

変更履歴

No	変更内容	変更日
1	[2022年09月08日] 掲載	2022年9月8日15:04
2	[2025年09月19日] 参考情報：JVN (JVNVU#99030761) を追加	2025年9月19日16:41

NVD脆弱性情報

CVE-2021-33910

概要	basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.
公表日	2021年7月21日4:15
登録日	2021年7月21日10:00
最終更新日	2024年11月21日15:09

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:systemd_project:systemd::::::::	247			247.8
cpe:2.3:a:systemd_project:systemd::::::::				246.15
cpe:2.3:a:systemd_project:systemd::::::::	248			248.5
cpe:2.3:a:systemd_project:systemd::::::::	249			249.1

構成2	以上	以下	より上	未満
cpe:2.3:o:fedoraproject:fedora:33:::::::*
cpe:2.3:o:fedoraproject:fedora:34:::::::*

構成3		以上	以下	より上	未満
cpe:2.3:o:debian:debian_linux:10.0:::::::*

構成4	以上	以下	より上	未満
cpe:2.3:a:netapp:solidfire:-:::::::*
cpe:2.3:a:netapp:hci_management_node:-:::::::*

関連情報、対策とツール

No	URL	タグ
1	http://packetstormsecurity.com/files/163621/Sequoia-A-Deep-Root-In-Linuxs-Filesystem-Layer.html	Exploit Third Party Advisory VDB Entry
2	http://packetstormsecurity.com/files/163621/Sequoia-A-Deep-Root-In-Linuxs-Filesystem-Layer.html	Exploit Third Party Advisory VDB Entry
3	http://www.openwall.com/lists/oss-security/2021/08/04/2	Mailing List Patch Third Party Advisory
4	http://www.openwall.com/lists/oss-security/2021/08/04/2	Mailing List Patch Third Party Advisory
5	http://www.openwall.com/lists/oss-security/2021/08/17/3	Mailing List Patch Third Party Advisory
6	http://www.openwall.com/lists/oss-security/2021/08/17/3	Mailing List Patch Third Party Advisory
7	http://www.openwall.com/lists/oss-security/2021/09/07/3	Mailing List Patch Third Party Advisory
8	http://www.openwall.com/lists/oss-security/2021/09/07/3	Mailing List Patch Third Party Advisory
9	https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf
10	https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf
11	https://github.com/systemd/systemd/commit/b34a4f0e6729de292cb3b0c03c1d48f246ad896b	Patch Third Party Advisory
12	https://github.com/systemd/systemd/commit/b34a4f0e6729de292cb3b0c03c1d48f246ad896b	Patch Third Party Advisory
13	https://github.com/systemd/systemd/pull/20256/commits/441e0115646d54f080e5c3bb0ba477c892861ab9	Patch Third Party Advisory
14	https://github.com/systemd/systemd/pull/20256/commits/441e0115646d54f080e5c3bb0ba477c892861ab9	Patch Third Party Advisory
15	https://github.com/systemd/systemd-stable/commit/4a1c5f34bd3e1daed4490e9d97918e504d19733b	Patch Third Party Advisory
16	https://github.com/systemd/systemd-stable/commit/4a1c5f34bd3e1daed4490e9d97918e504d19733b	Patch Third Party Advisory
17	https://github.com/systemd/systemd-stable/commit/764b74113e36ac5219a4b82a05f311b5a92136ce	Patch Third Party Advisory
18	https://github.com/systemd/systemd-stable/commit/764b74113e36ac5219a4b82a05f311b5a92136ce	Patch Third Party Advisory
19	https://github.com/systemd/systemd-stable/commit/b00674347337b7531c92fdb65590ab253bb57538	Patch Third Party Advisory
20	https://github.com/systemd/systemd-stable/commit/b00674347337b7531c92fdb65590ab253bb57538	Patch Third Party Advisory
21	https://github.com/systemd/systemd-stable/commit/cfd14c65374027b34dbbc4f0551456c5dc2d1f61	Patch Third Party Advisory
22	https://github.com/systemd/systemd-stable/commit/cfd14c65374027b34dbbc4f0551456c5dc2d1f61	Patch Third Party Advisory
23	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2LSDMHAKI4LGFOCSPXNVVSEWQFAVFWR7/
24	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2LSDMHAKI4LGFOCSPXNVVSEWQFAVFWR7/
25	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/
26	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/
27	https://security.gentoo.org/glsa/202107-48	Third Party Advisory
28	https://security.gentoo.org/glsa/202107-48	Third Party Advisory
29	https://security.netapp.com/advisory/ntap-20211104-0008/	Third Party Advisory
30	https://security.netapp.com/advisory/ntap-20211104-0008/	Third Party Advisory
31	https://www.debian.org/security/2021/dsa-4942	Third Party Advisory
32	https://www.debian.org/security/2021/dsa-4942	Third Party Advisory
33	https://www.openwall.com/lists/oss-security/2021/07/20/2	Exploit Mailing List Third Party Advisory
34	https://www.openwall.com/lists/oss-security/2021/07/20/2	Exploit Mailing List Third Party Advisory

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-770	制限またはスロットリング無しのリソースの割り当て	https://cwe.mitre.org/data/definitions/770.html