Security News > 2021 > July > Researchers flag 7-years-old privilege escalation flaw in Linux kernel (CVE-2021-33909)
A vulnerability in the Linux kernel's filesystem layer that may allow local, unprivileged attackers to gain root privileges on a vulnerable host has been unearthed by researchers.
"Qualys security researchers have been able to independently verify the vulnerability, develop an exploit, and obtain full root privileges on default installations of Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11, and Fedora 34 Workstation. Other Linux distributions are likely vulnerable and probably exploitable," said Bharat Jogi, Senior Manager, Vulnerabilities and Signatures, Qualys.
"The first vulnerability is an attack against the Linux kernel. An unprivileged local attacker can exploit this vulnerability by creating, mounting, and deleting a deep directory structure whose total path length exceeds 1GB. A successful attack results in privilege escalation," the Red Hat security team explained.
"The second vulnerability is an attack against systemd and requires a local attacker with the ability to mount a filesystem with a long path. This attack causes systemd, the services it manages, and the entire system to crash and stop responding."
Qualys researchers have dubbed CVE-2021-33909 "Sequoia" - "a pun on the bug's deep directory tree that yields root privileges" - and said that all Linux kernel versions from 2014 onwards are vulnerable.
"Further, any Red Hat product supported on Red Hat Enterprise Linux is also potentially impacted," the company said.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/gcpQb-lsA24/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-07-20 | CVE-2021-33909 | Integer Overflow or Wraparound vulnerability in multiple products fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. | 7.8 |