Critical Systemd Vulnerability Causes Kernel Panic, Patch Now
A critical vulnerability in systemd, discovered by Qualys, allows unprivileged users to cause a denial of service via kernel panic. The issue affects all versions since April 2015.
The vulnerability, CVE-2021-33910, stems from systemd's use of strdupa(), a function that allocates memory on the stack. If the total path length exceeds 8MB, this can lead to stack exhaustion, crashing systemd and causing a kernel panic. The Qualys Research Team found the issue, which was first introduced in systemd v220 (April 2015).
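The stack-copy pattern described above, next to a bounded heap-based alternative, as an added example that is not systemd's code or its patch. The function names and the PATH_COPY_MAX cap are hypothetical, and the stack copy is written out with alloca() to show what strdupa() does.

```c
#include <alloca.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#define PATH_COPY_MAX 4096u /* hypothetical cap for this example, not a systemd constant */

/* Split a mutable copy on '/' in place; return the number of non-empty components. */
static long split_in_place(char *buf, size_t len) {
    long n = 0;
    for (size_t i = 0; i < len; i++) {
        if (buf[i] == '/') buf[i] = '\0';
        else if (i == 0 || buf[i - 1] == '\0') n++;
    }
    return n;
}

/* Risky: the stack copy that strdupa(path) performs, written out. alloca() has no
 * failure return, so an oversized input overruns the stack limit instead of erroring. */
long components_stack(const char *path) {
    size_t len = strlen(path);
    char *copy = alloca(len + 1);
    memcpy(copy, path, len + 1);
    return split_in_place(copy, len);
}

/* Hardened: bound the length first, copy to the heap, and report failure. */
long components_heap(const char *path) {
    size_t len = strlen(path);
    if (len > PATH_COPY_MAX) { errno = ENAMETOOLONG; return -1; }
    char *copy = malloc(len + 1);
    if (!copy) { errno = ENOMEM; return -1; }
    memcpy(copy, path, len + 1);
    long n = split_in_place(copy, len);
    free(copy);
    return n;
}

/* Constructed input: '/' followed by len 'a' bytes, fed to the hardened version only. */
long hardened_on_long_input(size_t len) {
    char *big = malloc(len + 2);
    if (!big) return -2;
    memset(big, 'a', len + 1);
    big[0] = '/'; big[len + 1] = '\0';
    long r = components_heap(big);
    free(big);
    return r;
}

int main(void) { return hardened_on_long_input(9u << 20) == -1 ? 0 : 1; }
```

For ordinary inputs both versions return the same count; only the heap version returns an error when the path is larger than the cap.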
Qualys advises users to apply patches immediately to mitigate the risk. Non-customers can start a free Qualys VMDR trial to identify vulnerable assets, while customers can search for CVE-2021-33910 to locate affected systems. There are no known workarounds for this vulnerability.
The stack exhaustion denial-of-service vulnerability in systemd, discovered by Qualys, affects all versions from April 2015 onwards. Users are urged to apply patches promptly to prevent potential disruptions. Further information can be obtained through Qualys.