CVE-2021-33909: Linux kernel local privilege escalation vulnerability alert
This vulnerability is a type conversion vulnerability in the Linux kernel file system layer. The type conversion vulnerability is a situation that occurs when converting between two types, which may cause overflow. Unprivileged local attackers can use this vulnerability to escalate privileges.
Vulnerability Detail
In the seq_file.c file of the Linux kernel file system layer, because the allocation of the seq buffer is not correctly restricted, the size_t-to-int conversion has not been verified, resulting in an integer overflow and out-of-bounds writing. Unprivileged local attackers can exploit this vulnerability by creating, mounting, and deleting deep directory structures with a total path length of more than 1GB. This vulnerability can enable unprivileged users to be upgraded to root users.
Affected version
- Linux kernel: >=3.16 / <= 5.13.3
Unaffected veresion
- Linux kernel: 5.13.4
Solution
In this regard, we recommend that users upgrade Linux to the latest version in time.
Support Our Threat Intelligence
If you find our technology report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
