CVE-2021-33909: Integer Overflow
First published: Thu Jun 10 2021(Updated: )
An out-of-bounds write flaw was found in the Linux kernel's seq_file in the Filesystem layer. This flaw allows a local attacker with a user privilege to gain access to out-of-bound memory, leading to a system crash, leak of internal kernel information and can escalate privileges. The issue results from not validating the size_t-to-int conversion prior to performing operations. The highest threat from this vulnerability is to data integrity, confidentiality and system availability.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <0:2.6.32-754.41.2.el6 | 0:2.6.32-754.41.2.el6 |
| redhat/kernel-rt | <0:3.10.0-1160.36.2.rt56.1179.el7 | 0:3.10.0-1160.36.2.rt56.1179.el7 |
| redhat/kernel | <0:3.10.0-1160.36.2.el7 | 0:3.10.0-1160.36.2.el7 |
| redhat/kernel | <0:3.10.0-327.98.2.el7 | 0:3.10.0-327.98.2.el7 |
| redhat/kernel | <0:3.10.0-514.90.2.el7 | 0:3.10.0-514.90.2.el7 |
| redhat/kernel | <0:3.10.0-693.90.2.el7 | 0:3.10.0-693.90.2.el7 |
| redhat/kernel | <0:3.10.0-957.78.2.el7 | 0:3.10.0-957.78.2.el7 |
| redhat/kernel | <0:3.10.0-1062.52.2.el7 | 0:3.10.0-1062.52.2.el7 |
| redhat/kernel-rt | <0:4.18.0-305.10.2.rt7.83.el8_4 | 0:4.18.0-305.10.2.rt7.83.el8_4 |
| redhat/kernel | <0:4.18.0-305.10.2.el8_4 | 0:4.18.0-305.10.2.el8_4 |
| redhat/kernel | <0:4.18.0-147.51.2.el8_1 | 0:4.18.0-147.51.2.el8_1 |
| redhat/kernel-rt | <0:4.18.0-193.60.2.rt13.112.el8_2 | 0:4.18.0-193.60.2.rt13.112.el8_2 |
| redhat/kernel | <0:4.18.0-193.60.2.el8_2 | 0:4.18.0-193.60.2.el8_2 |
| redhat/redhat-virtualization-host | <0:4.3.17-20210713.0.el7_9 | 0:4.3.17-20210713.0.el7_9 |
| redhat/redhat-virtualization-host | <0:4.4.7-20210715.1.el8_4 | 0:4.4.7-20210715.1.el8_4 |
| redhat/kernel | <5.14 | 5.14 |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.13-1 | |
| Android | ||
| Linux Kernel | >=3.12.43<3.13 | |
| Linux Kernel | >=3.16<4.4.276 | |
| Linux Kernel | >=4.5<4.9.276 | |
| Linux Kernel | >=4.10<4.14.240 | |
| Linux Kernel | >=4.15<4.19.198 | |
| Linux Kernel | >=4.20<5.4.134 | |
| Linux Kernel | >=5.5<5.10.52 | |
| Linux Kernel | >=5.11<5.12.19 | |
| Linux Kernel | >=5.13<5.13.4 | |
| Fedora | =34 | |
| Debian | =9.0 | |
| Debian | =10.0 | |
| netapp hci management node | ||
| netapp solidfire | ||
| Oracle Communications Session Border Controller | =8.2 | |
| Oracle Communications Session Border Controller | =8.3 | |
| Oracle Communications Session Border Controller | =8.4 | |
| Oracle Communications Session Border Controller | =9.0 | |
| All of | ||
| sonicwall sma1000 firmware | <=12.4.2-02044 | |
| SonicWall SMA1000 Appliances | ||
| sonicwall sma1000 firmware | <=12.4.2-02044 | |
| SonicWall SMA1000 Appliances | ||
| IBM Data Risk Manager | <=2.0.6 |
Remedy
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2021-33909 https://nvd.nist.gov/vuln/detail/CVE-2021-33909 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b https://www.openwall.com/lists/oss-security/2021/07/20/1 https://www.qualys.com/2021/07/20/cve-2021-33909/sequoia-local-privilege-escalation-linux.txt
- https://bugzilla.redhat.com/show_bug.cgi?id=1970273
- https://access.redhat.com/errata/RHSA-2021:2735
- https://access.redhat.com/errata/RHSA-2021:2726
- https://access.redhat.com/errata/RHSA-2021:2725
- https://access.redhat.com/errata/RHSA-2021:2727
- https://access.redhat.com/errata/RHSA-2021:2734
- https://access.redhat.com/errata/RHSA-2021:2733
- https://access.redhat.com/errata/RHSA-2021:2732
- https://access.redhat.com/errata/RHSA-2021:2730
- https://access.redhat.com/errata/RHSA-2021:2731
- https://access.redhat.com/errata/RHSA-2021:2728
- https://access.redhat.com/errata/RHSA-2021:2729
- https://access.redhat.com/errata/RHSA-2021:2715
- https://access.redhat.com/errata/RHSA-2021:2714
- https://access.redhat.com/errata/RHSA-2021:2716
- https://access.redhat.com/errata/RHSA-2021:2722
- https://access.redhat.com/errata/RHSA-2021:2723
- https://access.redhat.com/errata/RHSA-2021:2719
- https://access.redhat.com/errata/RHSA-2021:2718
- https://access.redhat.com/errata/RHSA-2021:2720
- https://access.redhat.com/errata/RHSA-2021:2737
- https://access.redhat.com/errata/RHSA-2021:2736
- https://access.redhat.com/security/cve/cve-2021-33909
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4
- https://github.com/torvalds/linux/commit/8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b
- https://www.debian.org/security/2021/dsa-4941
- https://www.openwall.com/lists/oss-security/2021/07/20/1
- https://lists.debian.org/debian-lts-announce/2021/07/msg00014.html
- https://lists.debian.org/debian-lts-announce/2021/07/msg00016.html
- https://lists.debian.org/debian-lts-announce/2021/07/msg00015.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4UHHIGISO3FVRF4CQNJS4IKA25ATSFU/
- http://packetstormsecurity.com/files/163621/Sequoia-A-Deep-Root-In-Linuxs-Filesystem-Layer.html
- http://www.openwall.com/lists/oss-security/2021/07/22/7
- http://packetstormsecurity.com/files/163671/Kernel-Live-Patch-Security-Notice-LSN-0079-1.html
- https://security.netapp.com/advisory/ntap-20210819-0004/
- http://www.openwall.com/lists/oss-security/2021/08/25/10
- http://packetstormsecurity.com/files/164155/Kernel-Live-Patch-Security-Notice-LSN-0081-1.html
- http://www.openwall.com/lists/oss-security/2021/09/17/2
- http://www.openwall.com/lists/oss-security/2021/09/17/4
- http://www.openwall.com/lists/oss-security/2021/09/21/1
- http://packetstormsecurity.com/files/165477/Kernel-Live-Patch-Security-Notice-LSN-0083-1.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0015
- https://launchpad.net/bugs/cve/CVE-2021-33909
- https://www.qualys.com/2021/07/20/cve-2021-33909/sequoia-local-privilege-escalation-linux.txt
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1984019
- https://access.redhat.com/errata/RHSA-2021:2763
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z4UHHIGISO3FVRF4CQNJS4IKA25ATSFU/
- https://android.googlesource.com/kernel/common/+/8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b
- https://source.android.com/docs/security/bulletin/2021-12-01 (Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/205906
- https://www.ibm.com/support/pages/node/6497499 (Advisory)
- https://git.kernel.org/linus/8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b
- https://security-tracker.debian.org/tracker/CVE-2021-33909
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33909
- https://nvd.nist.gov/vuln/detail/CVE-2021-33909
- https://ubuntu.com/security/CVE-2021-33909
Parent vulnerabilities
(Appears in the following advisories)
- RHSA-2021:2735
- RHSA-2021:2726
- RHSA-2021:2725
- RHSA-2021:2727
- RHSA-2021:2734
- RHSA-2021:2733
- RHSA-2021:2732
- RHSA-2021:2730
- RHSA-2021:2731
- RHSA-2021:2728
- RHSA-2021:2729
- RHSA-2021:2715
- RHSA-2021:2714
- RHSA-2021:2716
- RHSA-2021:2722
- RHSA-2021:2723
- RHSA-2021:2719
- RHSA-2021:2718
- RHSA-2021:2720
- RHSA-2021:2737
- RHSA-2021:2736
- IBM-6497499
Frequently Asked Questions
What is the severity of CVE-2021-33909?
CVE-2021-33909 is classified as a high severity vulnerability that allows local privilege escalation due to an out-of-bounds write flaw in the Linux kernel.
How do I fix CVE-2021-33909?
To mitigate CVE-2021-33909, users should update to the recommended kernel versions provided by their Linux distribution.
What impact does CVE-2021-33909 have on affected systems?
CVE-2021-33909 can lead to system crashes, leakage of internal kernel information, and privilege escalation for local attackers.
Is CVE-2021-33909 exploitable remotely?
CVE-2021-33909 is not exploitable remotely as it requires local user privileges to be exploited.
Which versions of Linux are affected by CVE-2021-33909?
CVE-2021-33909 affects various versions of the Linux kernel, specifically those prior to the patched versions listed by the respective distributions.
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/weakness
- agent/severity
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-33909
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/references
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/last-modified-date
- agent/trending
- agent/source
- agent/author
- collector/security-tracker-debian
- source/Debian
- agent/event
- collector/android-source
- source/Android
- agent/software-canonical-lookup-request
- collector/nvd-cve
- source/NVD
- collector/nvd-index
- agent/tags
- agent/softwarecombine
- collector/ibm-support
- source/IBM
- package-manager/redhat
- package-manager/debian
- vendor/google
- canonical/android
- vendor/linux
- canonical/linux kernel
- version/linux kernel/3.12.43
- version/linux kernel/3.16
- version/linux kernel/4.5
- version/linux kernel/4.10
- version/linux kernel/4.15
- version/linux kernel/4.20
- version/linux kernel/5.5
- version/linux kernel/5.11
- version/linux kernel/5.13
- vendor/fedoraproject
- canonical/fedora
- version/fedora/34
- vendor/debian
- canonical/debian
- version/debian/9.0
- version/debian/10.0
- vendor/netapp
- canonical/netapp hci management node
- canonical/netapp solidfire
- vendor/oracle
- canonical/oracle communications session border controller
- version/oracle communications session border controller/8.2
- version/oracle communications session border controller/8.3
- version/oracle communications session border controller/8.4
- version/oracle communications session border controller/9.0
- vendor/sonicwall
- canonical/sonicwall sma1000 firmware
- version/sonicwall sma1000 firmware/12.4.2-02044
- canonical/sonicwall sma1000 appliances
- vendor/ibm
- canonical/ibm data risk manager
- version/ibm data risk manager/2.0.6