CVE-2021-33909 — Integer Overflow or Wraparound in Kernel
Severity
7.8HIGHNVD
OSV3.5
EPSS
2.2%
top 15.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 20
Latest updateMay 24
Description
fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages5 packages
Also affects: Debian Linux 10.0, 9.0, Fedora 34
Patches
🔴Vulnerability Details
7OSV▶
linux, linux-aws, linux-aws-5.8, linux-azure, linux-azure-5.8, linux-gcp, linux-gcp-5.8, linux-hwe-5.8, linux-kvm, linux-oracle, linux-oracle-5.8, linux-raspi vulnerabilities↗2021-07-20
OSV▶
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities↗2021-07-20
📋Vendor Advisories
13🕵️Threat Intelligence
1Qualys▶
Sequoia: A Local Privilege Escalation Vulnerability in Linux’s Filesystem Layer (CVE-2021-33909) | Qualys↗2021-07-20