Vulnerability Description
A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Systemd Project | Systemd | >= 240, < 250.2 |
| Fedoraproject | Fedora | 34 |
| Redhat | Enterprise Linux | 7.0 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/security/cve/CVE-2021-3997 (Issue Tracking, Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=2024639 (Issue Tracking, Patch, Third Party Advisory)
- https://github.com/systemd/systemd/commit/5b1cf7a9be37e20133c0208005274ce4a5b5c6 (Patch, Third Party Advisory)
- https://security.gentoo.org/glsa/202305-15
- https://www.openwall.com/lists/oss-security/2022/01/10/2 (Exploit, Mailing List, Third Party Advisory)
FAQ
What is CVE-2021-3997?
CVE-2021-3997 is a vulnerability with a CVSS score of 5.5 (MEDIUM). A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.
How severe is CVE-2021-3997?
CVE-2021-3997 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-3997?
Check the references section above for vendor advisories and patch information. Affected products include: Systemd Project Systemd, Fedoraproject Fedora, Redhat Enterprise Linux.