Unrated severity · NVD Advisory · Published Jul 28, 2021 · Updated Aug 4, 2024

CVE-2021-37600

Description

An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

67

Patches

Vulnerability mechanics

Root cause

"Missing integer overflow check before calloc() for a uint64 nmembs value allows a large sem_nsems to cause an undersized buffer allocation."

Attack vector

An attacker who can influence the `/proc/sysvipc/sem` file to contain a very large `sem_nsems` value could trigger an integer overflow in the `xcalloc()` call within `get_sem_elements()` [ref_id=1]. This overflow could cause a smaller-than-expected buffer to be allocated, potentially leading to a heap buffer overflow when elements are written into it. The advisory notes this is unexploitable in GNU C Library environments and possibly all realistic environments, as the large number would need to be crafted through system resource manipulation.

Affected code

The vulnerability resides in `sys-utils/ipcutils.c` in the `get_sem_elements()` function. The function calls `xcalloc(p->sem_nsems, sizeof(struct sem_elem))` without first checking whether `p->sem_nsems` could overflow when multiplied by the element size, leading to a potential integer overflow. The patch adds a guard `p->sem_nsems > SIZE_MAX` before the allocation call [ref_id=1].

What the fix does

The patch adds a bounds check `p->sem_nsems > SIZE_MAX` before the `xcalloc()` call, preventing the multiplication `p->sem_nsems * sizeof(struct sem_elem)` from overflowing [ref_id=1]. If `sem_nsems` exceeds `SIZE_MAX`, the function returns early without attempting the allocation, thus avoiding the integer overflow that could lead to an undersized buffer.
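The allocation pattern described above next to a guarded form, as an added example that is not the util-linux source. `struct sem_elem_demo`, `demo_size_t` and the function names are hypothetical, the sample counts are constructed, and a 32-bit size type is modelled so the wrap is visible on a 64-bit host. The check on the product goes beyond the single guard the page describes.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for struct sem_elem (16 bytes); the layout is assumed. */
struct sem_elem_demo { int32_t semval, ncount, zcount, pid; };

/* Model a 32-bit size_t so the wrap is visible on a 64-bit host as well. */
typedef uint32_t demo_size_t;
#define DEMO_SIZE_MAX UINT32_MAX

/* Unchecked pattern: the 64-bit count is narrowed to the allocator's size
 * type and multiplied with no overflow test. Returns the bytes requested. */
demo_size_t bytes_unchecked(uint64_t nsems)
{
    demo_size_t n = (demo_size_t)nsems;                 /* silent truncation */
    return (demo_size_t)((uint64_t)n * sizeof(struct sem_elem_demo)); /* wraps */
}

/* Checked pattern: 0 and *out on success, -1 when the count is rejected. */
int bytes_checked(uint64_t nsems, demo_size_t *out)
{
    if (nsems == 0 || nsems > DEMO_SIZE_MAX)   /* count must fit the size type */
        return -1;
    if (nsems > DEMO_SIZE_MAX / sizeof(struct sem_elem_demo))
        return -1;                             /* added: product must fit too */
    *out = (demo_size_t)(nsems * sizeof(struct sem_elem_demo));
    return 0;
}

/* Same checks against the real size_t, followed by the allocation. */
struct sem_elem_demo *alloc_elems(uint64_t nsems)
{
    if (nsems == 0 || nsems > SIZE_MAX / sizeof(struct sem_elem_demo))
        return NULL;
    return calloc((size_t)nsems, sizeof(struct sem_elem_demo));
}

int main(void)
{
    /* Constructed counts: 2^32 + 1 truncates to 1; 2^28 + 1 wraps the product. */
    uint64_t samples[] = { 4, 0x10000001ULL, 0x100000001ULL };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        demo_size_t ok = 0;
        int rc = bytes_checked(samples[i], &ok);
        printf("nsems=%llu unchecked=%u checked=%s\n",
               (unsigned long long)samples[i],
               (unsigned)bytes_unchecked(samples[i]), rc ? "rejected" : "ok");
    }
    return 0;
}
```

Both oversized sample counts yield a 16-byte request in the unchecked path, which is the undersized-buffer condition the root cause describes.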

Preconditions

  • input: The attacker must be able to influence the /proc/sysvipc/sem file to contain a very large sem_nsems value, likely through exhausting system IPC resources.
  • config: The advisory states this is unexploitable in GNU C Library environments and possibly all realistic environments.

Generated on May 30, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

5
