
CVE-2021-33909: Linux kernel local privilege escalation vulnerability alert

On July 21, 2021, Red Hat officially released a risk notice for a Linux kernel local privilege escalation vulnerability, tracked as CVE-2021-33909.

This vulnerability is a type conversion flaw in the Linux kernel file system layer. A type conversion flaw arises when a value is converted between two types and the conversion may overflow. An unprivileged local attacker can use this vulnerability to escalate privileges.

Vulnerability Detail

In seq_file.c, in the Linux kernel file system layer, the allocation of the seq buffer is not correctly restricted and a size_t-to-int conversion is not validated, resulting in an integer overflow and an out-of-bounds write. An unprivileged local attacker can exploit this vulnerability by creating, mounting, and deleting a deep directory structure with a total path length of more than 1GB. This allows an unprivileged user to escalate to root.
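
The unvalidated size_t-to-int narrowing described above, as an added example that is not from the original post or the kernel source: a user-space model in which a `size_t` buffer size is handed to a helper that takes an `int` length, next to a caller that validates first. The function names and the fill-from-the-end helper are hypothetical, the sizes are constructed, and only the offset is computed, so no memory is written.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper modelled on a path builder that takes its buffer
 * length as int and fills the buffer from the end backwards. Returns the
 * offset, relative to the buffer start, where writing would begin.
 * Only arithmetic is done; no memory is touched. */
static long long start_offset(int buflen, int pathlen)
{
    return (long long)buflen - pathlen;
}

/* Unchecked caller: the size_t size is narrowed to int without validation.
 * The out-of-range conversion is implementation-defined; gcc and clang
 * wrap, so a 2 GiB size becomes INT_MIN. */
static long long unchecked_offset(size_t bufsize, int pathlen)
{
    int buflen = (int)bufsize;
    return start_offset(buflen, pathlen);
}

/* Checked caller: reject sizes that int cannot represent and paths that
 * do not fit. Returns 0 and sets *out on success, -1 on rejection. */
static int checked_offset(size_t bufsize, int pathlen, long long *out)
{
    if (bufsize > (size_t)INT_MAX)
        return -1;
    if (pathlen < 0 || (size_t)pathlen > bufsize)
        return -1;
    *out = start_offset((int)bufsize, pathlen);
    return 0;
}

int main(void)
{
    size_t sizes[] = { 4096, (size_t)1 << 31 };   /* constructed sample sizes */
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        long long off = 0;
        int rc = checked_offset(sizes[i], 10, &off);
        printf("size=%zu unchecked=%lld checked=%s\n", sizes[i],
               unchecked_offset(sizes[i], 10), rc ? "rejected" : "ok");
    }
    return 0;
}
```

With the 2 GiB size the unchecked caller computes a start offset far below the beginning of the buffer, which is the out-of-bounds condition; the checked caller refuses the size before any length reaches the `int` parameter.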

Affected version

  • Linux kernel: >=3.16 / <= 5.13.3

Unaffected version


In this regard, we recommend that users upgrade Linux to the latest version promptly.

The post CVE-2021-33909: Linux kernel local privilege escalation vulnerability alert appeared first on InfoTech News.
