This vulnerability is a type conversion vulnerability in the Linux kernel file system layer. The type conversion vulnerability is a situation that occurs when converting between two types, which may cause overflow. Unprivileged local attackers can use this vulnerability to escalate privileges.
In the seq_file.c file of the Linux kernel file system layer, because the allocation of the seq buffer is not correctly restricted, the size_t-to-int conversion has not been verified, resulting in an integer overflow and out-of-bounds writing. Unprivileged local attackers can exploit this vulnerability by creating, mounting, and deleting deep directory structures with a total path length of more than 1GB. This vulnerability can enable unprivileged users to be upgraded to root users.
- Linux kernel: >=3.16 / <= 5.13.3
- Linux kernel: 5.13.4
In this regard, we recommend that users upgrade Linux to the latest version in time.