CVE-2021-33909

high

Description

fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.

References

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4

https://github.com/torvalds/linux/commit/8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b

https://www.openwall.com/lists/oss-security/2021/07/20/1

https://lists.debian.org/debian-lts-announce/2021/07/msg00016.html

https://lists.debian.org/debian-lts-announce/2021/07/msg00015.html

https://lists.debian.org/debian-lts-announce/2021/07/msg00014.html

https://www.debian.org/security/2021/dsa-4941

http://packetstormsecurity.com/files/163621/Sequoia-A-Deep-Root-In-Linuxs-Filesystem-Layer.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/Z4UHHIGISO3FVRF4CQNJS4IKA25ATSFU/

http://www.openwall.com/lists/oss-security/2021/07/22/7

http://packetstormsecurity.com/files/163671/Kernel-Live-Patch-Security-Notice-LSN-0079-1.html

https://security.netapp.com/advisory/ntap-20210819-0004/

http://www.openwall.com/lists/oss-security/2021/08/25/10

http://packetstormsecurity.com/files/164155/Kernel-Live-Patch-Security-Notice-LSN-0081-1.html

http://www.openwall.com/lists/oss-security/2021/09/17/2

http://www.openwall.com/lists/oss-security/2021/09/17/4

http://www.openwall.com/lists/oss-security/2021/09/21/1

Details

Source: MITRE

Published: 2021-07-20

Updated: 2021-09-21

Type: CWE-120

Risk Information

CVSS v2

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

CVSS v3

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 153610 | EulerOS 2.0 SP8 : kernel (EulerOS-SA-2021-2465) | Nessus | Huawei Local Security Checks | high |
| 153148 | Debian DLA-2714-1 : linux-4.19 - LTS security update | Nessus | Debian Local Security Checks | high |
| 153130 | Ubuntu 16.04 LTS / 18.04 LTS / 21.04 : Linux kernel vulnerability (USN-5014-1) | Nessus | Ubuntu Local Security Checks | high |
| 153129 | Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5017-1) | Nessus | Ubuntu Local Security Checks | high |
| 152545 | SUSE SLES15 Security Update : kernel (SUSE-SU-2021:2678-1) | Nessus | SuSE Local Security Checks | high |
| 152481 | SUSE SLES12 Security Update : kernel (SUSE-SU-2021:2643-1) | Nessus | SuSE Local Security Checks | high |
| 152465 | Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2021-9410) | Nessus | Oracle Linux Local Security Checks | high |
| 152464 | Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2021-9407) | Nessus | Oracle Linux Local Security Checks | high |
| 152398 | OracleVM 3.4 : Unbreakable / etc (OVMSA-2021-0025) | Nessus | OracleVM Local Security Checks | high |
| 152389 | Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2021-9406) | Nessus | Oracle Linux Local Security Checks | high |
| 152382 | Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2021-9404) | Nessus | Oracle Linux Local Security Checks | high |
| 152195 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2021-9395) | Nessus | Oracle Linux Local Security Checks | high |
| 152188 | SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 18 for SLE 12 SP4) (SUSE-SU-2021:2584-1) | Nessus | SuSE Local Security Checks | high |
| 152167 | SUSE SLES15 Security Update : kernel (Live Patch 15 for SLE 15 SP2) (SUSE-SU-2021:2577-1) | Nessus | SuSE Local Security Checks | high |
| 152160 | SUSE SLES15 Security Update : kernel (Live Patch 2 for SLE 15 SP3) (SUSE-SU-2021:2559-1) | Nessus | SuSE Local Security Checks | high |
| 152159 | SUSE SLES15 Security Update : kernel (Live Patch 22 for SLE 15 SP1) (SUSE-SU-2021:2560-1) | Nessus | SuSE Local Security Checks | high |
| 152142 | SUSE SLES15 Security Update : kernel (Live Patch 21 for SLE 15 SP1) (SUSE-SU-2021:2542-1) | Nessus | SuSE Local Security Checks | high |
| 152116 | SUSE SLES15 Security Update : kernel (Live Patch 14 for SLE 15 SP2) (SUSE-SU-2021:2538-1) | Nessus | SuSE Local Security Checks | high |
| 152108 | SUSE SLES15 Security Update : kernel (Live Patch 16 for SLE 15 SP2) (SUSE-SU-2021:2487-1) | Nessus | SuSE Local Security Checks | high |
| 152094 | Oracle Linux 6 : kernel (ELSA-2021-9374) | Nessus | Oracle Linux Local Security Checks | high |
| 152089 | Scientific Linux Security Update : kernel on SL7.x x86_64 (2021:2725) | Nessus | Scientific Linux Local Security Checks | high |
| 152080 | RHEL 8 : OpenShift Container Platform 4.7.21 (RHSA-2021:2763) | Nessus | Red Hat Local Security Checks | high |
| 152055 | SUSE SLES12 Security Update : kernel (SUSE-SU-2021:2451-1) | Nessus | SuSE Local Security Checks | high |
| 152053 | Photon OS 1.0: Linux PHSA-2021-1.0-0416 | Nessus | PhotonOS Local Security Checks | high |
| 152045 | OracleVM 3.4 : Unbreakable / etc (OVMSA-2021-0023) | Nessus | OracleVM Local Security Checks | high |
| 152018 | Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2021-9372) | Nessus | Oracle Linux Local Security Checks | high |
| 152017 | openSUSE 15 Security Update : kernel (openSUSE-SU-2021:1076-1) | Nessus | SuSE Local Security Checks | high |
| 152016 | Photon OS 2.0: Linux PHSA-2021-2.0-0370 | Nessus | PhotonOS Local Security Checks | high |
| 152003 | RHEL 8 : Red Hat Virtualization Host security and bug fix update [ovirt-4.4.7] (Important) (RHSA-2021:2736) | Nessus | Red Hat Local Security Checks | high |
| 151998 | SUSE SLES12 Security Update : kernel (SUSE-SU-2021:2422-1) | Nessus | SuSE Local Security Checks | high |
| 151997 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:2438-1) | Nessus | SuSE Local Security Checks | high |
| 151989 | SUSE SLES15 Security Update : kernel (SUSE-SU-2021:2427-1) | Nessus | SuSE Local Security Checks | high |
| 151986 | SUSE SLES15 Security Update : kernel (SUSE-SU-2021:2421-1) | Nessus | SuSE Local Security Checks | high |
| 151979 | CentOS 7 : kernel (CESA-2021:2725) | Nessus | CentOS Local Security Checks | high |
| 151965 | Photon OS 4.0: Linux PHSA-2021-4.0-0065 | Nessus | PhotonOS Local Security Checks | high |
| 151958 | Photon OS 3.0: Linux PHSA-2021-3.0-0270 | Nessus | PhotonOS Local Security Checks | high |
| 151954 | Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2021-9370) | Nessus | Oracle Linux Local Security Checks | high |
| 151948 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2021-9369) | Nessus | Oracle Linux Local Security Checks | high |
| 151944 | Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2021-9371) | Nessus | Oracle Linux Local Security Checks | high |
| 151943 | Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2021-9368) | Nessus | Oracle Linux Local Security Checks | high |
| 151935 | openSUSE 15 Security Update : kernel (openSUSE-SU-2021:2427-1) | Nessus | SuSE Local Security Checks | high |
| 151934 | Amazon Linux AMI : kernel (ALAS-2021-1524) | Nessus | Amazon Linux Local Security Checks | high |
| 151931 | Amazon Linux 2 : kernel (ALAS-2021-1691) | Nessus | Amazon Linux Local Security Checks | high |
| 151929 | RHEL 7 : RHV-H security update (redhat-virtualization-host) 4.3.17 (Important) (RHSA-2021:2737) | Nessus | Red Hat Local Security Checks | high |
| 151926 | Oracle Linux 7 : kernel (ELSA-2021-2725) | Nessus | Oracle Linux Local Security Checks | high |
| 151921 | Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5015-1) | Nessus | Ubuntu Local Security Checks | high |
| 151920 | Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-5018-1) | Nessus | Ubuntu Local Security Checks | high |
| 151917 | Oracle Linux 8 : kernel (ELSA-2021-2714) | Nessus | Oracle Linux Local Security Checks | high |
| 151907 | Ubuntu 20.04 LTS / 20.10 : Linux kernel vulnerabilities (USN-5016-1) | Nessus | Ubuntu Local Security Checks | high |
| 151897 | Slackware 14.2 : Slackware 14.2 kernel (SSA:2021-202-01) | Nessus | Slackware Local Security Checks | high |
| 151891 | Debian DLA-2713-1 : linux - LTS security update | Nessus | Debian Local Security Checks | medium |
| 151890 | Debian DSA-4941-1 : linux - security update | Nessus | Debian Local Security Checks | medium |
| 151889 | RHEL 7 : kernel (RHSA-2021:2728) | Nessus | Red Hat Local Security Checks | high |
| 151888 | RHEL 7 : kernel (RHSA-2021:2725) | Nessus | Red Hat Local Security Checks | high |
| 151887 | RHEL 7 : kpatch-patch (RHSA-2021:2729) | Nessus | Red Hat Local Security Checks | high |
| 151886 | RHEL 7 : kernel-rt (RHSA-2021:2726) | Nessus | Red Hat Local Security Checks | high |
| 151884 | SUSE SLES15 Security Update : kernel (SUSE-SU-2021:2409-1) | Nessus | SuSE Local Security Checks | high |
| 151880 | SUSE SLES15 Security Update : kernel (SUSE-SU-2021:2408-1) | Nessus | SuSE Local Security Checks | high |
| 151879 | CentOS 8 : kernel (CESA-2021:2714) | Nessus | CentOS Local Security Checks | high |
| 151878 | SUSE SLES12 Security Update : kernel (SUSE-SU-2021:2406-1) | Nessus | SuSE Local Security Checks | high |
| 151877 | SUSE SLES12 Security Update : kernel (SUSE-SU-2021:2407-1) | Nessus | SuSE Local Security Checks | high |
| 151873 | SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2021:2416-1) | Nessus | SuSE Local Security Checks | high |
| 151872 | RHEL 8 : kpatch-patch (RHSA-2021:2720) | Nessus | Red Hat Local Security Checks | high |
| 151871 | RHEL 8 : kernel-rt (RHSA-2021:2715) | Nessus | Red Hat Local Security Checks | high |
| 151870 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:2415-1) | Nessus | SuSE Local Security Checks | high |
| 151867 | RHEL 7 : kernel (RHSA-2021:2730) | Nessus | Red Hat Local Security Checks | high |
| 151864 | RHEL 8 : kpatch-patch (RHSA-2021:2716) | Nessus | Red Hat Local Security Checks | high |
| 151863 | RHEL 7 : kpatch-patch (RHSA-2021:2727) | Nessus | Red Hat Local Security Checks | high |
| 151862 | RHEL 8 : kernel (RHSA-2021:2722) | Nessus | Red Hat Local Security Checks | high |
| 151859 | RHEL 7 : kernel (RHSA-2021:2734) | Nessus | Red Hat Local Security Checks | high |
| 151858 | RHEL 7 : kernel (RHSA-2021:2732) | Nessus | Red Hat Local Security Checks | high |
| 151857 | RHEL 8 : kernel (RHSA-2021:2718) | Nessus | Red Hat Local Security Checks | high |
| 151856 | RHEL 8 : kernel-rt (RHSA-2021:2719) | Nessus | Red Hat Local Security Checks | high |
| 151851 | openSUSE 15 Security Update : kernel (openSUSE-SU-2021:2409-1) | Nessus | SuSE Local Security Checks | high |
| 151850 | RHEL 8 : kpatch-patch (RHSA-2021:2723) | Nessus | Red Hat Local Security Checks | high |
| 151847 | openSUSE 15 Security Update : kernel (openSUSE-SU-2021:2415-1) | Nessus | SuSE Local Security Checks | high |
| 151846 | RHEL 8 : kernel (RHSA-2021:2714) | Nessus | Red Hat Local Security Checks | high |
| 151843 | RHEL 7 : kpatch-patch (RHSA-2021:2731) | Nessus | Red Hat Local Security Checks | high |
| 151842 | RHEL 7 : kernel (RHSA-2021:2733) | Nessus | Red Hat Local Security Checks | high |