Sequoia: CVE-2021-33909- Local Privilege Escalation Vulnerability in Linux’s Filesystem Layer
by CIRT Team
Description:
fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.
Impact: Successful exploitation of this vulnerability allows any unprivileged user to gain root privileges on the vulnerable host.
Mitigation: Updates are available. Please see the references or vendor advisory for more information.
Reference URLs:
https://blog.qualys.com/vulnerabilities-threat-research/2021/07/20/sequoia-a-local-privilege-escalation-vulnerability-in-linuxs-filesystem-layer-cve-2021-33909
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4
https://github.com/torvalds/linux/commit/8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b
https://www.debian.org/security/2021/dsa-4941
https://access.redhat.com/security/cve/cve-2021-33909
https://ubuntu.com/security/CVE-2021-33909
https://www.suse.com/security/cve/CVE-2021-33909.html
Recommended Posts
Active Exploitation of Critical F5 BIG – IP Vulnerability (CVE–2023-46747) Uncovered in Bangladesh
06 Nov 2024 - Security Advisories & Alerts