{"id":"CVE-2021-3997","details":"A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.","modified":"2026-05-18T22:58:12.288085Z","published":"2022-08-23T20:15:08.670Z","related":["SUSE-SU-2022:0043-1","SUSE-SU-2022:0539-1","openSUSE-SU-2022:0043-1","openSUSE-SU-2022:0539-1","openSUSE-SU-2024:11731-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","extracted_events":[{"last_affected":"34"},{"last_affected":"35"}],"vendor_product":"fedoraproject:fedora","cpes":["cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*","cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*"]},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"7.0"},{"last_affected":"8.0"},{"last_affected":"9.0"}],"vendor_product":"redhat:enterprise_linux","cpes":["cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*"]}]},"references":[{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202305-15"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2021-3997"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2024639"},{"type":"FIX","url":"https://github.com/systemd/systemd/commit/5b1cf7a9be37e20133c0208005274ce4a5b5c6a1"},{"type":"EVIDENCE","url":"https://www.openwall.com/lists/oss-security/2022/01/10/2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/systemd/systemd","events":[{"introduced":"1742aae2aa8cd33897250d6fcfbe10928e43eb2f"},{"fixed":"617c67a039b25139e5516aa48931c7024c6f8dc5"},{"fixed":"5b1cf7a9be37e20133c0208005274ce4a5b5c6a1"}],"database_specific":{"cpe":"cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"240"},{"fixed":"250.2"}],"source":["CPE_FIELD","REFERENCES"]}}],"versions":["v250.1","v250","v250-rc3","v250-rc2","v250-rc1","v249","v249-rc3","v249-rc2","v249-rc1","v248-2","v248","v248-rc4","v248-rc3","v248-rc2","v248-rc1","v247","v247-rc2","v247-rc1","v246","v246-rc2","v246-rc1","v245","v245-rc2","v245-rc1","v244","v244-rc1","v243","v243-rc2","v243-rc1","v242","v242-rc4","v242-rc3","v242-rc2","v242-rc1","v241","v241-rc2","v241-rc1","v240"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-3997.json","vanir_signatures_modified":"2026-05-18T22:58:12Z","vanir_signatures":[{"signature_type":"Function","signature_version":"v1","id":"CVE-2021-3997-0191928f","target":{"function":"lsm_bpf_supported","file":"src/core/bpf-lsm.c"},"deprecated":false,"source":"https://github.com/systemd/systemd/commit/617c67a039b25139e5516aa48931c7024c6f8dc5","digest":{"length":1126,"function_hash":"185979649040454291352028384744579284254"}},{"signature_type":"Line","signature_version":"v1","id":"CVE-2021-3997-0291008d","target":{"file":"src/core/bpf-lsm.c"},"deprecated":false,"source":"https://github.com/systemd/systemd/commit/617c67a039b25139e5516aa48931c7024c6f8dc5","digest":{"threshold":0.9,"line_hashes":["232824255401767527882159588300249583897","139541591999350747288877596287582325781","48873728193042033972757482948885216072","279905846686783546131062549597754248093","40943845109007403552630436406116122814","179031166932765664448266696954928194792"]}},{"signature_type":"Function","signature_version":"v1","id":"CVE-2021-3997-6a8a21dd","target":{"function":"rm_rf_child","file":"src/shared/rm-rf.c"},"deprecated":false,"source":"https://github.com/systemd/systemd/commit/5b1cf7a9be37e20133c0208005274ce4a5b5c6a1","digest":{"length":374,"function_hash":"152686987549912463405269971488872005473"}},{"signature_type":"Line","signature_version":"v1","id":"CVE-2021-3997-6b8b0b9c","target":{"file":"src/shared/rm-rf.c"},"deprecated":false,"source":"https://github.com/systemd/systemd/commit/5b1cf7a9be37e20133c0208005274ce4a5b5c6a1","digest":{"threshold":0.9,"line_hashes":["141059355148544141293040271256544830855","271863013398583989321240070374819670523","228971154362777753928237616299595924467","308348084867573838604725970801116999705","307025307951600897979919517052529779253","338350324921210462470263433352324911282","192154184935525849228435792170020069320","280789311380948667402732362737158156889","264597111413886913152323701891588993382","256887911420346574408272071355921538933","328406928109304382119466785545731527959","41551315246691024358959863619875750136","199560534661790956545842687418810017766","98064436967192965117265062227544444141","6287514093111138238519327041296250564","183497168408929373208208423829613982063","327364442073884713182144000353930405550","322343212042555516710981669703216822443","24434364108870080509341000682990728693","206306710893498169848089350935034450533","30689134740406525465723433486422757273","214290727596238076791888704119638909193","125770284566057705755795621386103043619","252695143431716253583142052668586606110","108265301864431638992181516547554761952","266365014111071281298709426138262381904","46948499266177634006902575560569982375","89486483915561455161558219845892839265","287484311514395999357363468442542925091","306672849305815010578515794378512303601","231572884905197969578151548572960742824","78181398051249997504815273132306369026","283880167161998010273238992838564078800","333196349815038581767137659710980237366","275402849731713112534279470869426164509","288433695480066921809770885331249208000","41667702630740219319440261989513410238","301422066199264835404429494018589251570","300846258108732668805703251485279797812","132145170508849859671736946313352248665","288841721094866297481748251573369819975","130279619160761801421900558515089412022","184502985079593731017063554304716951778","317692637574415759098100762527879892193","93162723077210066901454159517654977704","95301525587488458463968782939112753557","23642242404373417573687913078959985365","1176026573078755885362246484018572452","111246283796628823523612284250177129595","237633678778945447366906973692170663888","204774012897229626883280852058738292043","160753553745858418934201696443564894635","161979008750180914801207475062021616478","298034889620248263093157551230389449581","248286279177217872012701733048433423993","273378299949664057726970313396453546202","56847066222386533058889477953642792645","316129621080861538859111446005245517555","110279963301713273990665498833284756219","144352059504979618277315822688088185916","207680219152064867667863023483177360637","27421482080761561801827299843855363748","19960656312339701682011485471400343449","309528232059233501037522944176196974145","226582383771226281048638889415553312366","106598958827103401935171719550772881178","207112453942721093310945028792587825529","253060193845939235818050690179588838694"]}},{"signature_type":"Function","signature_version":"v1","id":"CVE-2021-3997-86c73fc1","target":{"function":"rm_rf_children_inner","file":"src/shared/rm-rf.c"},"deprecated":false,"source":"https://github.com/systemd/systemd/commit/5b1cf7a9be37e20133c0208005274ce4a5b5c6a1","digest":{"length":1256,"function_hash":"56574712255166263395916226055837217013"}},{"signature_type":"Function","signature_version":"v1","id":"CVE-2021-3997-ff3c43c6","target":{"function":"rm_rf_children","file":"src/shared/rm-rf.c"},"deprecated":false,"source":"https://github.com/systemd/systemd/commit/5b1cf7a9be37e20133c0208005274ce4a5b5c6a1","digest":{"length":998,"function_hash":"332255085639802175830221466956067031857"}}]}},{"ranges":[{"type":"GIT","repo":"https://github.com/systemd/systemd-stable","events":[{"introduced":"1742aae2aa8cd33897250d6fcfbe10928e43eb2f"},{"fixed":"617c67a039b25139e5516aa48931c7024c6f8dc5"}],"database_specific":{"cpe":"cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"240"},{"fixed":"250.2"}],"source":"CPE_FIELD"}}],"versions":["v250.1","v250","v250-rc3","v250-rc2","v250-rc1","v249","v249-rc3","v249-rc2","v249-rc1","v248-2","v248","v248-rc4","v248-rc3","v248-rc2","v248-rc1","v247","v247-rc2","v247-rc1","v246","v246-rc2","v246-rc1","v245","v245-rc2","v245-rc1","v244","v244-rc1","v243","v243-rc2","v243-rc1","v242","v242-rc4","v242-rc3","v242-rc2","v242-rc1","v241","v241-rc2","v241-rc1","v240"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-3997.json","vanir_signatures_modified":"2026-05-18T22:58:12Z","vanir_signatures":[{"signature_type":"Function","signature_version":"v1","id":"CVE-2021-3997-4691a4eb","target":{"function":"lsm_bpf_supported","file":"src/core/bpf-lsm.c"},"deprecated":false,"source":"https://github.com/systemd/systemd-stable/commit/617c67a039b25139e5516aa48931c7024c6f8dc5","digest":{"length":1126,"function_hash":"185979649040454291352028384744579284254"}},{"signature_type":"Line","signature_version":"v1","id":"CVE-2021-3997-fa78c1c1","target":{"file":"src/core/bpf-lsm.c"},"deprecated":false,"source":"https://github.com/systemd/systemd-stable/commit/617c67a039b25139e5516aa48931c7024c6f8dc5","digest":{"threshold":0.9,"line_hashes":["232824255401767527882159588300249583897","139541591999350747288877596287582325781","48873728193042033972757482948885216072","279905846686783546131062549597754248093","40943845109007403552630436406116122814","179031166932765664448266696954928194792"]}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}