CVE-2021-3997

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-3997
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3997.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-3997
Downstream
Related
Published
2022-08-23T20:15:08.670Z
Modified
2026-04-16T04:39:48.074080384Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.

References

Affected packages

Git / github.com/systemd/systemd

Affected ranges

Type
GIT
Repo
https://github.com/systemd/systemd
Events
Introduced
1742aae2aa8cd33897250d6fcfbe10928e43eb2f
Fixed
617c67a039b25139e5516aa48931c7024c6f8dc5
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
66be5eda80a334eacb83b13590fdfbabc7efe5e9
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
fe7ac310219d84ca8621fd89b99fcf60a2fdfd46
Fixed
5b1cf7a9be37e20133c0208005274ce4a5b5c6a1
Database specific 
{
    "versions": [
        {
            "introduced": "240"
        },
        {
            "fixed": "250.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "34"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "35"
        }
    ]
}

Affected versions

Other
v1
v10
v11
v12
v13
v14
v15
v16
v17
v18
v19
v2
v20
v21
v22
v23
v24
v240
v241
v241-rc1
v241-rc2
v242
v242-rc1
v242-rc2
v242-rc3
v242-rc4
v243
v243-rc1
v243-rc2
v244
v244-rc1
v245
v245-rc1
v245-rc2
v246
v246-rc1
v246-rc2
v247
v247-rc1
v247-rc2
v248
v248-2
v248-rc1
v248-rc2
v248-rc3
v248-rc4
v249
v249-rc1
v249-rc2
v249-rc3
v25
v250
v250-rc1
v250-rc2
v250-rc3
v26
v27
v28
v29
v3
v30
v31
v32
v33
v34
v35
v4
v5
v6
v7
v8
v9
v250.*
v250.1

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    }
]
vanir_signatures 
[
    {
        "signature_version": "v1",
        "source": "https://github.com/systemd/systemd/commit/617c67a039b25139e5516aa48931c7024c6f8dc5",
        "target": {
            "function": "lsm_bpf_supported",
            "file": "src/core/bpf-lsm.c"
        },
        "deprecated": false,
        "id": "CVE-2021-3997-0191928f",
        "signature_type": "Function",
        "digest": {
            "length": 1126.0,
            "function_hash": "185979649040454291352028384744579284254"
        }
    },
    {
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "232824255401767527882159588300249583897",
                "139541591999350747288877596287582325781",
                "48873728193042033972757482948885216072",
                "279905846686783546131062549597754248093",
                "40943845109007403552630436406116122814",
                "179031166932765664448266696954928194792"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "id": "CVE-2021-3997-0291008d",
        "target": {
            "file": "src/core/bpf-lsm.c"
        },
        "source": "https://github.com/systemd/systemd/commit/617c67a039b25139e5516aa48931c7024c6f8dc5"
    },
    {
        "signature_version": "v1",
        "digest": {
            "length": 374.0,
            "function_hash": "152686987549912463405269971488872005473"
        },
        "signature_type": "Function",
        "deprecated": false,
        "id": "CVE-2021-3997-6a8a21dd",
        "target": {
            "function": "rm_rf_child",
            "file": "src/shared/rm-rf.c"
        },
        "source": "https://github.com/systemd/systemd/commit/5b1cf7a9be37e20133c0208005274ce4a5b5c6a1"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/systemd/systemd/commit/5b1cf7a9be37e20133c0208005274ce4a5b5c6a1",
        "target": {
            "file": "src/shared/rm-rf.c"
        },
        "deprecated": false,
        "id": "CVE-2021-3997-6b8b0b9c",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "141059355148544141293040271256544830855",
                "271863013398583989321240070374819670523",
                "228971154362777753928237616299595924467",
                "308348084867573838604725970801116999705",
                "307025307951600897979919517052529779253",
                "338350324921210462470263433352324911282",
                "192154184935525849228435792170020069320",
                "280789311380948667402732362737158156889",
                "264597111413886913152323701891588993382",
                "256887911420346574408272071355921538933",
                "328406928109304382119466785545731527959",
                "41551315246691024358959863619875750136",
                "199560534661790956545842687418810017766",
                "98064436967192965117265062227544444141",
                "6287514093111138238519327041296250564",
                "183497168408929373208208423829613982063",
                "327364442073884713182144000353930405550",
                "322343212042555516710981669703216822443",
                "24434364108870080509341000682990728693",
                "206306710893498169848089350935034450533",
                "30689134740406525465723433486422757273",
                "214290727596238076791888704119638909193",
                "125770284566057705755795621386103043619",
                "252695143431716253583142052668586606110",
                "108265301864431638992181516547554761952",
                "266365014111071281298709426138262381904",
                "46948499266177634006902575560569982375",
                "89486483915561455161558219845892839265",
                "287484311514395999357363468442542925091",
                "306672849305815010578515794378512303601",
                "231572884905197969578151548572960742824",
                "78181398051249997504815273132306369026",
                "283880167161998010273238992838564078800",
                "333196349815038581767137659710980237366",
                "275402849731713112534279470869426164509",
                "288433695480066921809770885331249208000",
                "41667702630740219319440261989513410238",
                "301422066199264835404429494018589251570",
                "300846258108732668805703251485279797812",
                "132145170508849859671736946313352248665",
                "288841721094866297481748251573369819975",
                "130279619160761801421900558515089412022",
                "184502985079593731017063554304716951778",
                "317692637574415759098100762527879892193",
                "93162723077210066901454159517654977704",
                "95301525587488458463968782939112753557",
                "23642242404373417573687913078959985365",
                "1176026573078755885362246484018572452",
                "111246283796628823523612284250177129595",
                "237633678778945447366906973692170663888",
                "204774012897229626883280852058738292043",
                "160753553745858418934201696443564894635",
                "161979008750180914801207475062021616478",
                "298034889620248263093157551230389449581",
                "248286279177217872012701733048433423993",
                "273378299949664057726970313396453546202",
                "56847066222386533058889477953642792645",
                "316129621080861538859111446005245517555",
                "110279963301713273990665498833284756219",
                "144352059504979618277315822688088185916",
                "207680219152064867667863023483177360637",
                "27421482080761561801827299843855363748",
                "19960656312339701682011485471400343449",
                "309528232059233501037522944176196974145",
                "226582383771226281048638889415553312366",
                "106598958827103401935171719550772881178",
                "207112453942721093310945028792587825529",
                "253060193845939235818050690179588838694"
            ],
            "threshold": 0.9
        }
    },
    {
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "length": 1256.0,
            "function_hash": "56574712255166263395916226055837217013"
        },
        "deprecated": false,
        "id": "CVE-2021-3997-86c73fc1",
        "target": {
            "function": "rm_rf_children_inner",
            "file": "src/shared/rm-rf.c"
        },
        "source": "https://github.com/systemd/systemd/commit/5b1cf7a9be37e20133c0208005274ce4a5b5c6a1"
    },
    {
        "signature_version": "v1",
        "digest": {
            "length": 998.0,
            "function_hash": "332255085639802175830221466956067031857"
        },
        "signature_type": "Function",
        "deprecated": false,
        "id": "CVE-2021-3997-ff3c43c6",
        "target": {
            "function": "rm_rf_children",
            "file": "src/shared/rm-rf.c"
        },
        "source": "https://github.com/systemd/systemd/commit/5b1cf7a9be37e20133c0208005274ce4a5b5c6a1"
    }
]
vanir_signatures_modified 
"2026-04-11T21:23:19Z"
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3997.json"