CVE-2021-33909: Linux kernel local privilege escalation vulnerability alert

This vulnerability is a type conversion vulnerability in the Linux kernel file system layer. The type conversion vulnerability is a situation that occurs when converting between two types, which may cause overflow. Unprivileged local attackers can use this vulnerability to escalate privileges.

Vulnerability Detail

In the seq_file.c file of the Linux kernel file system layer, because the allocation of the seq buffer is not correctly restricted, the size_t-to-int conversion has not been verified, resulting in an integer overflow and out-of-bounds writing. Unprivileged local attackers can exploit this vulnerability by creating, mounting, and deleting deep directory structures with a total path length of more than 1GB. This vulnerability can enable unprivileged users to be upgraded to root users.

Affected version

• Linux kernel: >=3.16 / <= 5.13.3

Unaffected veresion

• Linux kernel: 5.13.4

Solution

In this regard, we recommend that users upgrade Linux to the latest version in time.