Critical Systemd Vulnerability Can Crash Linux OS
A critical vulnerability has been discovered in systemd, the popular system and service manager used in Linux. Qualys Research Team has warned that any unprivileged user can exploit this stack exhaustion denial-of-service vulnerability to cause a kernel panic and crash the entire operating system.
The vulnerability, tracked as CVE-2021-33910, was introduced in systemd v220, released in April 2021. It allows an attacker to exploit a stack exhaustion issue, leading to a denial of service. A proof of concept (PoC) is available, demonstrating the ease of exploitation.
Qualys has released QIDs to identify vulnerable Linux servers running systemd. All versions from April 2015 onwards are affected, including the latest. The vulnerability can be prioritized using real-time threat indicators such as Predicted_High_Risk, Denial_of_Service, and Easy_Exploit.
Qualys recommends immediate patching for this vulnerability. Users can search the vulnerability knowledgebase for CVE-2021-33910 to identify all the QIDs and the assets vulnerable to this issue. The security advisory CVE-2021-33909 was published by Qualys on August 9, 2021.