CVE-2021-33909: Integer Overflow

First published: Thu Jun 10 2021(Updated: )

An out-of-bounds write flaw was found in the Linux kernel's seq_file in the Filesystem layer. This flaw allows a local attacker with a user privilege to gain access to out-of-bound memory, leading to a system crash, leak of internal kernel information and can escalate privileges. The issue results from not validating the size_t-to-int conversion prior to performing operations. The highest threat from this vulnerability is to data integrity, confidentiality and system availability.

Credit: cve@mitre.org cve@mitre.org

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/redhat-cve
• agent/type
• agent/first-publish-date
• collector/launchpad-cve
• source/Launchpad
• collector/nvd-index
• agent/software-canonical-lookup-request
• agent/author
• agent/remedy
• agent/weakness
• agent/severity
• agent/description
• collector/redhat-bugzilla
• source/Red Hat
• alias/CVE-2021-33909
• agent/software-canonical-lookup
• collector/nvd-cve
• source/NVD
• collector/android-source
• source/Android
• collector/mitre-cve
• source/MITRE
• agent/last-modified-date
• agent/event
• collector/ibm-support
• source/IBM
• agent/references
• agent/tags
• collector/security-tracker-debian
• source/Debian
• agent/softwarecombine
• collector/usn-cve
• source/Ubuntu
• package-manager/redhat
• vendor/linux
• canonical/linux linux kernel
• version/linux linux kernel/3.12.43
• version/linux linux kernel/3.16
• version/linux linux kernel/4.5
• version/linux linux kernel/4.10
• version/linux linux kernel/4.15
• version/linux linux kernel/4.20
• version/linux linux kernel/5.5
• version/linux linux kernel/5.11
• version/linux linux kernel/5.13
• vendor/fedoraproject
• canonical/fedoraproject fedora
• version/fedoraproject fedora/34
• vendor/debian
• canonical/debian debian linux
• version/debian debian linux/9.0
• version/debian debian linux/10.0
• vendor/netapp
• canonical/netapp hci management node
• canonical/netapp solidfire
• vendor/oracle
• canonical/oracle communications session border controller
• version/oracle communications session border controller/8.2
• version/oracle communications session border controller/8.3
• version/oracle communications session border controller/8.4
• version/oracle communications session border controller/9.0
• vendor/sonicwall
• canonical/sonicwall sma1000 firmware
• version/sonicwall sma1000 firmware/12.4.2-02044
• canonical/sonicwall sma1000
• vendor/google
• canonical/google android
• vendor/ibm
• canonical/ibm drm
• version/ibm drm/2.0.6
• package-manager/debian