CVE-2021-3997

A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
Affected Products (NVD)
VendorProductVersion
systemd_projectsystemd
240 ≤
𝑥
< 250.2
redhatenterprise_linux
7.0
redhatenterprise_linux
8.0
redhatenterprise_linux
9.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
systemd
bookworm
252.30-1~deb12u2
fixed
bullseye
247.3-7+deb11u5
fixed
bullseye (security)
247.3-7+deb11u6
fixed
buster
ignored
sid
256.7-3
fixed
stretch
ignored
trixie
256.7-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
systemd
bionic
ignored
focal
Fixed 245.4-4ubuntu3.15
released
hirsute
Fixed 247.3-3ubuntu3.7
released
impish
Fixed 248.3-1ubuntu8.2
released
trusty
ignored
xenial
ignored
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libsystemd0
suse enterprise desktop 15 SP3
246.16-150300.7.39.1
fixed
suse enterprise desktop 15 SP4
249.11-150400.6.8
fixed
suse enterprise desktop 15 SP5
249.16-150400.8.25.7
fixed
suse enterprise desktop 15 SP6
254.10-150600.2.3
fixed
suse enterprise desktop 15 SP7
254.24-150600.4.28.1
fixed
suse enterprise sap 15 SP3
246.16-150300.7.39.1
fixed
suse enterprise sap 15 SP4
249.11-150400.6.8
fixed
suse enterprise sap 15 SP5
249.16-150400.8.25.7
fixed
suse enterprise sap 15 SP6
254.10-150600.2.3
fixed
suse enterprise sap 15 SP7
254.24-150600.4.28.1
fixed
suse enterprise server 15 SP3
246.16-150300.7.39.1
fixed
suse enterprise server 15 SP4
249.11-150400.6.8
fixed
suse enterprise server 15 SP5
249.16-150400.8.25.7
fixed
suse enterprise server 15 SP6
254.10-150600.2.3
fixed
suse enterprise server 15 SP7
254.24-150600.4.28.1
fixed
libsystemd0-32bit
suse enterprise desktop 15 SP3
246.16-150300.7.39.1
fixed
suse enterprise desktop 15 SP4
249.11-150400.6.8
fixed
suse enterprise desktop 15 SP5
249.16-150400.8.25.7
fixed
suse enterprise desktop 15 SP6
254.10-150600.2.3
fixed
suse enterprise desktop 15 SP7
254.24-150600.4.28.1
fixed
suse enterprise sap 15 SP3
246.16-150300.7.39.1
fixed
suse enterprise sap 15 SP4
249.11-150400.6.8
fixed
suse enterprise sap 15 SP5
249.16-150400.8.25.7
fixed
suse enterprise sap 15 SP6
254.10-150600.2.3
fixed
suse enterprise sap 15 SP7
254.24-150600.4.28.1
fixed
suse enterprise server 15 SP3
246.16-150300.7.39.1
fixed
suse enterprise server 15 SP4
249.11-150400.6.8
fixed
suse enterprise server 15 SP5
249.16-150400.8.25.7
fixed
suse enterprise server 15 SP6
254.10-150600.2.3
fixed
suse enterprise server 15 SP7
254.24-150600.4.28.1
fixed
libudev-devel
suse enterprise desktop 15 SP3
246.16-150300.7.39.1
fixed
suse enterprise sap 15 SP3
246.16-150300.7.39.1
fixed
suse enterprise server 15 SP3
246.16-150300.7.39.1
fixed
libudev1
suse enterprise desktop 15 SP3
246.16-150300.7.39.1
fixed
suse enterprise desktop 15 SP4
249.11-150400.6.8
fixed
suse enterprise desktop 15 SP5
249.16-150400.8.25.7
fixed
suse enterprise desktop 15 SP6
254.10-150600.2.3
fixed
suse enterprise desktop 15 SP7
254.24-150600.4.28.1
fixed
suse enterprise sap 15 SP3
246.16-150300.7.39.1
fixed
suse enterprise sap 15 SP4
249.11-150400.6.8
fixed
suse enterprise sap 15 SP5
249.16-150400.8.25.7
fixed
suse enterprise sap 15 SP6
254.10-150600.2.3
fixed
suse enterprise sap 15 SP7
254.24-150600.4.28.1
fixed
suse enterprise server 15 SP3
246.16-150300.7.39.1
fixed
suse enterprise server 15 SP4
249.11-150400.6.8
fixed
suse enterprise server 15 SP5
249.16-150400.8.25.7
fixed
suse enterprise server 15 SP6
254.10-150600.2.3
fixed
suse enterprise server 15 SP7
254.24-150600.4.28.1
fixed
libudev1-32bit
suse enterprise desktop 15 SP3
246.16-150300.7.39.1
fixed
suse enterprise desktop 15 SP4
249.11-150400.6.8
fixed
suse enterprise desktop 15 SP5
249.16-150400.8.25.7
fixed
suse enterprise desktop 15 SP6
254.10-150600.2.3
fixed
suse enterprise desktop 15 SP7
254.24-150600.4.28.1
fixed
suse enterprise sap 15 SP3
246.16-150300.7.39.1
fixed
suse enterprise sap 15 SP4
249.11-150400.6.8
fixed
suse enterprise sap 15 SP5
249.16-150400.8.25.7
fixed
suse enterprise sap 15 SP6
254.10-150600.2.3
fixed
suse enterprise sap 15 SP7
254.24-150600.4.28.1
fixed
suse enterprise server 15 SP3
246.16-150300.7.39.1
fixed
suse enterprise server 15 SP4
249.11-150400.6.8
fixed
suse enterprise server 15 SP5
249.16-150400.8.25.7
fixed
suse enterprise server 15 SP6
254.10-150600.2.3
fixed
suse enterprise server 15 SP7
254.24-150600.4.28.1
fixed
systemd
suse enterprise desktop 15 SP3
246.16-150300.7.39.1
fixed
suse enterprise desktop 15 SP4
249.11-150400.6.8
fixed
suse enterprise desktop 15 SP5
249.16-150400.8.25.7
fixed
suse enterprise desktop 15 SP6
254.10-150600.2.3
fixed
suse enterprise desktop 15 SP7
254.24-150600.4.28.1
fixed
suse enterprise sap 15 SP3
246.16-150300.7.39.1
fixed
suse enterprise sap 15 SP4
249.11-150400.6.8
fixed
suse enterprise sap 15 SP5
249.16-150400.8.25.7
fixed
suse enterprise sap 15 SP6
254.10-150600.2.3
fixed
suse enterprise sap 15 SP7
254.24-150600.4.28.1
fixed
suse enterprise server 15 SP3
246.16-150300.7.39.1
fixed
suse enterprise server 15 SP4
249.11-150400.6.8
fixed
suse enterprise server 15 SP5
249.16-150400.8.25.7
fixed
suse enterprise server 15 SP6
254.10-150600.2.3
fixed
suse enterprise server 15 SP7
254.24-150600.4.28.1
fixed
systemd-32bit
suse enterprise desktop 15 SP3
246.16-150300.7.39.1
fixed
suse enterprise desktop 15 SP4
249.11-150400.6.8
fixed
suse enterprise desktop 15 SP5
249.16-150400.8.25.7
fixed
suse enterprise desktop 15 SP6
254.10-150600.2.3
fixed
suse enterprise desktop 15 SP7
254.24-150600.4.28.1
fixed
suse enterprise sap 15 SP3
246.16-150300.7.39.1
fixed
suse enterprise sap 15 SP4
249.11-150400.6.8
fixed
suse enterprise sap 15 SP5
249.16-150400.8.25.7
fixed
suse enterprise sap 15 SP6
254.10-150600.2.3
fixed
suse enterprise sap 15 SP7
254.24-150600.4.28.1
fixed
suse enterprise server 15 SP3
246.16-150300.7.39.1
fixed
suse enterprise server 15 SP4
249.11-150400.6.8
fixed
suse enterprise server 15 SP5
249.16-150400.8.25.7
fixed
suse enterprise server 15 SP6
254.10-150600.2.3
fixed
suse enterprise server 15 SP7
254.24-150600.4.28.1
fixed
systemd-container
suse enterprise desktop 15 SP3
246.16-150300.7.39.1
fixed
suse enterprise desktop 15 SP4
249.11-150400.6.8
fixed
suse enterprise desktop 15 SP5
249.16-150400.8.25.7
fixed
suse enterprise desktop 15 SP6
254.10-150600.2.3
fixed
suse enterprise desktop 15 SP7
254.24-150600.4.28.1
fixed
suse enterprise sap 15 SP3
246.16-150300.7.39.1
fixed
suse enterprise sap 15 SP4
249.11-150400.6.8
fixed
suse enterprise sap 15 SP5
249.16-150400.8.25.7
fixed
suse enterprise sap 15 SP6
254.10-150600.2.3
fixed
suse enterprise sap 15 SP7
254.24-150600.4.28.1
fixed
suse enterprise server 15 SP3
246.16-150300.7.39.1
fixed
suse enterprise server 15 SP4
249.11-150400.6.8
fixed
suse enterprise server 15 SP5
249.16-150400.8.25.7
fixed
suse enterprise server 15 SP6
254.10-150600.2.3
fixed
suse enterprise server 15 SP7
254.24-150600.4.28.1
fixed
systemd-coredump
suse enterprise desktop 15 SP3
246.16-150300.7.39.1
fixed
suse enterprise desktop 15 SP4
249.11-150400.6.8
fixed
suse enterprise desktop 15 SP5
249.16-150400.8.25.7
fixed
suse enterprise desktop 15 SP6
254.10-150600.2.3
fixed
suse enterprise desktop 15 SP7
254.24-150600.4.28.1
fixed
suse enterprise sap 15 SP3
246.16-150300.7.39.1
fixed
suse enterprise sap 15 SP4
249.11-150400.6.8
fixed
suse enterprise sap 15 SP5
249.16-150400.8.25.7
fixed
suse enterprise sap 15 SP6
254.10-150600.2.3
fixed
suse enterprise sap 15 SP7
254.24-150600.4.28.1
fixed
suse enterprise server 15 SP3
246.16-150300.7.39.1
fixed
suse enterprise server 15 SP4
249.11-150400.6.8
fixed
suse enterprise server 15 SP5
249.16-150400.8.25.7
fixed
suse enterprise server 15 SP6
254.10-150600.2.3
fixed
suse enterprise server 15 SP7
254.24-150600.4.28.1
fixed
systemd-devel
suse enterprise desktop 15 SP3
246.16-150300.7.39.1
fixed
suse enterprise desktop 15 SP4
249.11-150400.6.8
fixed
suse enterprise desktop 15 SP5
249.16-150400.8.25.7
fixed
suse enterprise desktop 15 SP6
254.10-150600.2.3
fixed
suse enterprise desktop 15 SP7
254.24-150600.4.28.1
fixed
suse enterprise sap 15 SP3
246.16-150300.7.39.1
fixed
suse enterprise sap 15 SP4
249.11-150400.6.8
fixed
suse enterprise sap 15 SP5
249.16-150400.8.25.7
fixed
suse enterprise sap 15 SP6
254.10-150600.2.3
fixed
suse enterprise sap 15 SP7
254.24-150600.4.28.1
fixed
suse enterprise server 15 SP3
246.16-150300.7.39.1
fixed
suse enterprise server 15 SP4
249.11-150400.6.8
fixed
suse enterprise server 15 SP5
249.16-150400.8.25.7
fixed
suse enterprise server 15 SP6
254.10-150600.2.3
fixed
suse enterprise server 15 SP7
254.24-150600.4.28.1
fixed
systemd-doc
suse enterprise desktop 15 SP3
246.16-150300.7.39.1
fixed
suse enterprise desktop 15 SP4
249.11-150400.6.8
fixed
suse enterprise desktop 15 SP5
249.16-150400.8.25.7
fixed
suse enterprise desktop 15 SP6
254.10-150600.2.3
fixed
suse enterprise desktop 15 SP7
254.24-150600.4.28.1
fixed
suse enterprise sap 15 SP3
246.16-150300.7.39.1
fixed
suse enterprise sap 15 SP4
249.11-150400.6.8
fixed
suse enterprise sap 15 SP5
249.16-150400.8.25.7
fixed
suse enterprise sap 15 SP6
254.10-150600.2.3
fixed
suse enterprise sap 15 SP7
254.24-150600.4.28.1
fixed
suse enterprise server 15 SP3
246.16-150300.7.39.1
fixed
suse enterprise server 15 SP4
249.11-150400.6.8
fixed
suse enterprise server 15 SP5
249.16-150400.8.25.7
fixed
suse enterprise server 15 SP6
254.10-150600.2.3
fixed
suse enterprise server 15 SP7
254.24-150600.4.28.1
fixed
systemd-journal-remote
suse enterprise desktop 15 SP3
246.16-150300.7.39.1
fixed
suse enterprise sap 15 SP3
246.16-150300.7.39.1
fixed
suse enterprise server 15 SP3
246.16-150300.7.39.1
fixed
systemd-lang
suse enterprise desktop 15 SP3
246.16-150300.7.39.1
fixed
suse enterprise desktop 15 SP4
249.11-150400.6.8
fixed
suse enterprise desktop 15 SP5
249.16-150400.8.25.7
fixed
suse enterprise desktop 15 SP6
254.10-150600.2.3
fixed
suse enterprise desktop 15 SP7
254.24-150600.4.28.1
fixed
suse enterprise sap 15 SP3
246.16-150300.7.39.1
fixed
suse enterprise sap 15 SP4
249.11-150400.6.8
fixed
suse enterprise sap 15 SP5
249.16-150400.8.25.7
fixed
suse enterprise sap 15 SP6
254.10-150600.2.3
fixed
suse enterprise sap 15 SP7
254.24-150600.4.28.1
fixed
suse enterprise server 15 SP3
246.16-150300.7.39.1
fixed
suse enterprise server 15 SP4
249.11-150400.6.8
fixed
suse enterprise server 15 SP5
249.16-150400.8.25.7
fixed
suse enterprise server 15 SP6
254.10-150600.2.3
fixed
suse enterprise server 15 SP7
254.24-150600.4.28.1
fixed
systemd-sysvcompat
suse enterprise desktop 15 SP6
254.10-150600.2.3
fixed
suse enterprise desktop 15 SP7
254.24-150600.4.28.1
fixed
suse enterprise sap 15 SP6
254.10-150600.2.3
fixed
suse enterprise sap 15 SP7
254.24-150600.4.28.1
fixed
suse enterprise server 15 SP6
254.10-150600.2.3
fixed
suse enterprise server 15 SP7
254.24-150600.4.28.1
fixed
systemd-sysvinit
suse enterprise desktop 15 SP3
246.16-150300.7.39.1
fixed
suse enterprise desktop 15 SP4
249.11-150400.6.8
fixed
suse enterprise desktop 15 SP5
249.16-150400.8.25.7
fixed
suse enterprise sap 15 SP3
246.16-150300.7.39.1
fixed
suse enterprise sap 15 SP4
249.11-150400.6.8
fixed
suse enterprise sap 15 SP5
249.16-150400.8.25.7
fixed
suse enterprise server 15 SP3
246.16-150300.7.39.1
fixed
suse enterprise server 15 SP4
249.11-150400.6.8
fixed
suse enterprise server 15 SP5
249.16-150400.8.25.7
fixed
udev
suse enterprise desktop 15 SP3
246.16-150300.7.39.1
fixed
suse enterprise desktop 15 SP4
249.11-150400.6.8
fixed
suse enterprise desktop 15 SP5
249.16-150400.8.25.7
fixed
suse enterprise desktop 15 SP6
254.10-150600.2.3
fixed
suse enterprise desktop 15 SP7
254.24-150600.4.28.1
fixed
suse enterprise sap 15 SP3
246.16-150300.7.39.1
fixed
suse enterprise sap 15 SP4
249.11-150400.6.8
fixed
suse enterprise sap 15 SP5
249.16-150400.8.25.7
fixed
suse enterprise sap 15 SP6
254.10-150600.2.3
fixed
suse enterprise sap 15 SP7
254.24-150600.4.28.1
fixed
suse enterprise server 15 SP3
246.16-150300.7.39.1
fixed
suse enterprise server 15 SP4
249.11-150400.6.8
fixed
suse enterprise server 15 SP5
249.16-150400.8.25.7
fixed
suse enterprise server 15 SP6
254.10-150600.2.3
fixed
suse enterprise server 15 SP7
254.24-150600.4.28.1
fixed
Common Weakness Enumeration
References
https://access.redhat.com/security/cve/CVE-2021-3997
https://bugzilla.redhat.com/show_bug.cgi?id=2024639
https://github.com/systemd/systemd/commit/5b1cf7a9be37e20133c0208005274ce4a5b5c6a1
https://security.gentoo.org/glsa/202305-15
https://www.openwall.com/lists/oss-security/2022/01/10/2
https://access.redhat.com/security/cve/CVE-2021-3997
https://bugzilla.redhat.com/show_bug.cgi?id=2024639
https://github.com/systemd/systemd/commit/5b1cf7a9be37e20133c0208005274ce4a5b5c6a1
https://security.gentoo.org/glsa/202305-15
https://www.openwall.com/lists/oss-security/2022/01/10/2