CVE-2021-33909

Description from NVD

fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.

Information Acquisition Date: 2021-07-31T16:39Z
CVSS 2.0: 7.2 HIGH
CVSS 3.x: 7.8 HIGH

CVSS3 Vec: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2 Vec: AV:L/AC:L/Au:N/C:C/I:C/A:C

NVD References

 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4
     source:CONFIRM
     tags:Mailing List    Patch    Vendor Advisory    
 https://github.com/torvalds/linux/commit/8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b
     source:CONFIRM
     tags:Patch    Third Party Advisory    
 https://www.openwall.com/lists/oss-security/2021/07/20/1
     source:MISC
     tags:Exploit    Mailing List    Third Party Advisory    
 [debian-lts-announce] 20210720 [SECURITY] [DLA 2713-2] linux security update
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [debian-lts-announce] 20210720 [SECURITY] [DLA 2714-1] linux-4.19 security update
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [debian-lts-announce] 20210720 [SECURITY] [DLA 2713-1] linux security update
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 DSA-4941
     source:DEBIAN
     tags:Third Party Advisory    
 http://packetstormsecurity.com/files/163621/Sequoia-A-Deep-Root-In-Linuxs-Filesystem-Layer.html
     source:MISC
     tags:Exploit    Third Party Advisory    VDB Entry    
 FEDORA-2021-07dc0b3eb1
     source:FEDORA
     tags:Mailing List    Third Party Advisory    
 [oss-security] 20210722 Re: CVE-2021-33909: size_t-to-int vulnerability in Linux's filesystem layer
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 http://packetstormsecurity.com/files/163671/Kernel-Live-Patch-Security-Notice-LSN-0079-1.html
     source:MISC
     tags:Third Party Advisory    

This vulnerability may involve a PoC.

Software Tag: Linux(250 tweets) Unbound(1 tweets) Windows(11 tweets) iOS(4 tweets)



List of frequently cited URLs

| URL | Num of Times Referred to |
| --- | --- |
| https://blog.qualys.com/vulnerabilities-threat-research/202... | 60 |
| https://www.openwall.com/lists/oss-security/2021/07/20/1 | 29 |
| https://www.helpnetsecurity.com/2021/07/20/cve-2021-33909/ | 17 |
| https://thehackernews.com/2021/07/new-windows-and-linux-fla... | 11 |
| https://github.com/AmIAHuman/CVE-2021-33909 | 9 |
| https://twitter.com/campuscodi/status/1417483289498165248 | 8 |
| https://www.qualys.com/2021/07/20/cve-2021-33909/sequoia-lo... | 8 |
| https://www.bleepingcomputer.com/news/security/new-linux-ke... | 6 |
| https://news.ycombinator.com/item?id=27893181 | 5 |
| https://sysdig.com/blog/cve-2021-33909-sequoia-falco-linux-... | 4 |
| https://therecord.media/new-sequoia-bug-gives-you-root-acce... | 4 |
| https://access.redhat.com/security/vulnerabilities/RHSB-202... | 4 |
| https://securityaffairs.co/wordpress/120365/security/lpe-fl... | 4 |
| http://security.sios.com | 3 |
| http://feedproxy.google.com/~r/HelpNetSecurity/~3/gcpQb-lsA24/ | 3 |
| https://security-tracker.debian.org/tracker/CVE-2021-33909 | 3 |


GitHub Search Results: Up to 10
| Name | URL |
| --- | --- |
| Liang2580/CVE-2021-33909 | https://github.com/Liang2580/CVE-2021-33909 |
| baerwolf/cve-2021-33909 | https://github.com/baerwolf/cve-2021-33909 |
| bbinfosec43/CVE-2021-33909 | https://github.com/bbinfosec43/CVE-2021-33909 |
| ikramimamoglu/AmIAHuman-CVE-2021-33909 | https://github.com/ikramimamoglu/AmIAHuman-CVE-2021-33909 |

2021/08/02 Score : 0
Added Har-sia Database : 2021/07/20
Last Modified : 2021/08/02
Highest Scored Date : 2021/07/21
Highest Score : 173