Lucene search

[email protected]NVD:CVE-2021-33909

HistoryJul 20, 2021 - 7:15 p.m.

CVE-2021-33909

2021-07-2019:15:09

CWE-787

CWE-190

[email protected]

web.nvd.nist.gov

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

55.0%

JSON

fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.

Affected configurations

NVD

Node

linuxlinux_kernelRange3.12.43–3.13

linuxlinux_kernelRange3.16–4.4.276

linuxlinux_kernelRange4.5–4.9.276

linuxlinux_kernelRange4.10–4.14.240

linuxlinux_kernelRange4.15–4.19.198

linuxlinux_kernelRange4.20–5.4.134

linuxlinux_kernelRange5.5–5.10.52

linuxlinux_kernelRange5.11–5.12.19

linuxlinux_kernelRange5.13–5.13.4

Node

fedoraprojectfedoraMatch34

Node

debiandebian_linuxMatch9.0

debiandebian_linuxMatch10.0

Node

netapphci_management_nodeMatch-

netappsolidfireMatch-

Node

oraclecommunications_session_border_controllerMatch8.2

oraclecommunications_session_border_controllerMatch8.3

oraclecommunications_session_border_controllerMatch8.4

oraclecommunications_session_border_controllerMatch9.0

Node

sonicwallsma1000_firmwareRange≤12.4.2-02044

AND

sonicwallsma1000Match-

References

packetstormsecurity.com/files/163621/Sequoia-A-Deep-Root-In-Linuxs-Filesystem-Layer.html

packetstormsecurity.com/files/163671/Kernel-Live-Patch-Security-Notice-LSN-0079-1.html

packetstormsecurity.com/files/164155/Kernel-Live-Patch-Security-Notice-LSN-0081-1.html

packetstormsecurity.com/files/165477/Kernel-Live-Patch-Security-Notice-LSN-0083-1.html

www.openwall.com/lists/oss-security/2021/07/22/7

www.openwall.com/lists/oss-security/2021/08/25/10

www.openwall.com/lists/oss-security/2021/09/17/2

www.openwall.com/lists/oss-security/2021/09/17/4

www.openwall.com/lists/oss-security/2021/09/21/1

cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4

github.com/torvalds/linux/commit/8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b

lists.debian.org/debian-lts-announce/2021/07/msg00014.html

lists.debian.org/debian-lts-announce/2021/07/msg00015.html

lists.debian.org/debian-lts-announce/2021/07/msg00016.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z4UHHIGISO3FVRF4CQNJS4IKA25ATSFU/

psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0015

security.netapp.com/advisory/ntap-20210819-0004/

www.debian.org/security/2021/dsa-4941

www.openwall.com/lists/oss-security/2021/07/20/1

www.oracle.com/security-alerts/cpujan2022.html

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

55.0%

JSON

CVE-2021-33909

Affected configurations

References

Related