Announced 23 July 2021
Updated 23 September 2021 (IGEL OS 11.06.100 is now available)
CVSS 3.1 Score: 8.8 (High)
A local denial of service vulnerability affects the following IGEL products:
- IGEL OS 11
- IGEL OS 10
A research team from Qualys has discovered a vulnerability in
systemd (CVE-2021-33910). An unprivileged local user can exploit it to crash
systemd and the whole operating system (kernel panic).
- IGEL OS 11: Upgrade to IGEL OS 11.06.100
- IGEL OS 10: Upgrade to IGEL OS 11
- Disable terminal access for the user, see Disabling Local Terminal Access.
- Disable virtual console access, see Disabling Virtual Console Access.
- As the attack relies on mounting user-controlled filesystems, disable mounting of filesystems by the user:
- Qualys, “CVE-2021-33910: Denial of Service (Stack Exhaustion) in systemd (PID 1))”: https://blog.qualys.com/vulnerabilities-threat-research/2021/07/20/cve-2021-33910-denial-of-service-stack-exhaustion-in-systemd-pid-1
- CVE-2021-33910: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33910