{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2021-040.pdf"
    },
    "title": "Privilege Escalation Vulnerability in Linux Kernel",
    "serial_number": "2021-040",
    "publish_date": "22-07-2021 20:49:00",
    "description": "A vulnerability (CVE-2021-33909) in the Linux kernel filesystem layer may allow local, unprivileged user to gain root privileges on a vulnerable host by exploiting this vulnerability in a default configuration. The vulnerability is dubbed Sequoia.",
    "url_title": "2021-040",
    "content_markdown": "---\ntitle: 'Privilege Escalation Vulnerability in\u00a0Linux\u00a0Kernel'\nversion: '1.0'\nnumber: '2021-040'\ndate: 'July 22, 2021'\n---\n\n_History:_\n\n* _22/07/2021 --- v1.0 -- Initial publication_\n\n# Summary\n\nA vulnerability (CVE-2021-33909) in the Linux kernel filesystem layer may allow local, unprivileged user to gain root privileges on a vulnerable host by exploiting this vulnerability in a default configuration. The vulnerability is dubbed _Sequoia_ [1].\n\n# Technical Details\n\n`fs/seq_file.c` file in the affected Linux kernels does not properly restrict seqential buffer allocations, leading to an integer overflow, an out-of-bounds write, and escalation to root by an unprivileged user. Virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.\n\n# Affected Products\n\nLinux distros using kernel 3.16 through 5.13.x before 5.13.4\n\n# Recommendations\n\nFollow the instructions from the specific distro to update. For the most common you can reffer to [2, 3, 4].\n\nCERT-EU recommends updating the vulnerable systems as soon as possible.\n\n## Workaround\n\nQualys, who discoverd this bug, has created an exploit as a PoC as well as mitigations to prevent their specific exploit from working [1]. Other exploitation techniques may exist. To completely fix this vulnerability, the kernel must be patched.\n\n# References\n\n[1] <https://blog.qualys.com/vulnerabilities-threat-research/2021/07/20/sequoia-a-local-privilege-escalation-vulnerability-in-linuxs-filesystem-layer-cve-2021-33909>\n\n[2] <https://ubuntu.com/security/CVE-2021-33909>\n\n[3] <https://security-tracker.debian.org/tracker/CVE-2021-33909>\n\n[4] <https://access.redhat.com/security/cve/cve-2021-33909>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>22/07/2021 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>A vulnerability (CVE-2021-33909) in the Linux kernel filesystem layer may allow local, unprivileged user to gain root privileges on a vulnerable host by exploiting this vulnerability in a default configuration. The vulnerability is dubbed <em>Sequoia</em> [1].</p><h2 id=\"technical-details\">Technical Details</h2><p><code>fs/seq_file.c</code> file in the affected Linux kernels does not properly restrict seqential buffer allocations, leading to an integer overflow, an out-of-bounds write, and escalation to root by an unprivileged user. Virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.</p><h2 id=\"affected-products\">Affected Products</h2><p>Linux distros using kernel 3.16 through 5.13.x before 5.13.4</p><h2 id=\"recommendations\">Recommendations</h2><p>Follow the instructions from the specific distro to update. For the most common you can reffer to [2, 3, 4].</p><p>CERT-EU recommends updating the vulnerable systems as soon as possible.</p><h3 id=\"workaround\">Workaround</h3><p>Qualys, who discoverd this bug, has created an exploit as a PoC as well as mitigations to prevent their specific exploit from working [1]. Other exploitation techniques may exist. To completely fix this vulnerability, the kernel must be patched.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://blog.qualys.com/vulnerabilities-threat-research/2021/07/20/sequoia-a-local-privilege-escalation-vulnerability-in-linuxs-filesystem-layer-cve-2021-33909\">https://blog.qualys.com/vulnerabilities-threat-research/2021/07/20/sequoia-a-local-privilege-escalation-vulnerability-in-linuxs-filesystem-layer-cve-2021-33909</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://ubuntu.com/security/CVE-2021-33909\">https://ubuntu.com/security/CVE-2021-33909</a></p><p>[3] <a rel=\"noopener\" target=\"_blank\" href=\"https://security-tracker.debian.org/tracker/CVE-2021-33909\">https://security-tracker.debian.org/tracker/CVE-2021-33909</a></p><p>[4] <a rel=\"noopener\" target=\"_blank\" href=\"https://access.redhat.com/security/cve/cve-2021-33909\">https://access.redhat.com/security/cve/cve-2021-33909</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}