CVE-2021-33909: Integer Overflow

Published Jun 10, 2021
·
Updated

An out-of-bounds write flaw was found in the Linux kernel's seqfile in the Filesystem layer. This flaw allows a local attacker with a user privilege to gain access to out-of-bound memory, leading to a system crash, leak of internal kernel information and can escalate privileges. The issue results from not validating the sizet-to-int conversion prior to performing operations. The highest threat from this vulnerability is to data integrity, confidentiality and system availability.

Other sources

An out-of-bounds write flaw was found in the seqfile in Filesystem layer, where a local attacker with a user privilege could gain access to out-of-bound memory leading to a system crash or a leak of internal kernel information. The issue results from not validating the sizet-to-int conversion prior to performing operations. The highest threat from this vulnerability is to data integrity, confidentiality and system availability.

While creating, mounting, and deleting a deep directory structure whose total path length exceeds 1GB, an unprivileged local attacker can write the 10-byte string "//deleted" to an offset of exactly -2GB-10B below the beginning of a vmalloc()ated kernel buffer.

References: https://www.openwall.com/lists/oss-security/2021/07/20/1 https://www.qualys.com/2021/07/20/cve-2021-33909/sequoia-local-privilege-escalation-linux.txt

Fix: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b

Red Hat

fs/seqfile.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.

Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by an out-of-bounds write in fs/seqfile.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to escalate privileges to root.

IBM

Affected Software

41 affected componentsFixes available
redhat/kernel<0:2.6.32-754.41.2.el6
0:2.6.32-754.41.2.el6
redhat/kernel-rt<0:3.10.0-1160.36.2.rt56.1179.el7
0:3.10.0-1160.36.2.rt56.1179.el7
redhat/kernel<0:3.10.0-1160.36.2.el7
0:3.10.0-1160.36.2.el7
redhat/kernel<0:3.10.0-327.98.2.el7
0:3.10.0-327.98.2.el7
redhat/kernel<0:3.10.0-514.90.2.el7
0:3.10.0-514.90.2.el7
redhat/kernel<0:3.10.0-693.90.2.el7
0:3.10.0-693.90.2.el7
redhat/kernel<0:3.10.0-957.78.2.el7
0:3.10.0-957.78.2.el7
redhat/kernel<0:3.10.0-1062.52.2.el7
0:3.10.0-1062.52.2.el7
redhat/kernel-rt<0:4.18.0-305.10.2.rt7.83.el8_4
0:4.18.0-305.10.2.rt7.83.el8_4
redhat/kernel<0:4.18.0-305.10.2.el8_4
0:4.18.0-305.10.2.el8_4
redhat/kernel<0:4.18.0-147.51.2.el8_1
0:4.18.0-147.51.2.el8_1
redhat/kernel-rt<0:4.18.0-193.60.2.rt13.112.el8_2
0:4.18.0-193.60.2.rt13.112.el8_2
redhat/kernel<0:4.18.0-193.60.2.el8_2
0:4.18.0-193.60.2.el8_2
redhat/redhat-virtualization-host<0:4.3.17-20210713.0.el7_9
0:4.3.17-20210713.0.el7_9
redhat/redhat-virtualization-host<0:4.4.7-20210715.1.el8_4
0:4.4.7-20210715.1.el8_4
redhat/kernel<5.14
5.14
IBM DRM<=2.0.6
Google Android
Linux Linux kernel>=3.12.43<3.13
Linux Linux kernel>=3.16<4.4.276
Linux Linux kernel>=4.5<4.9.276
Linux Linux kernel>=4.10<4.14.240
Linux Linux kernel>=4.15<4.19.198
Linux Linux kernel>=4.20<5.4.134
Linux Linux kernel>=5.5<5.10.52
Linux Linux kernel>=5.11<5.12.19
Linux Linux kernel>=5.13<5.13.4
Fedoraproject Fedora=34
Debian Debian Linux=9.0
Debian Debian Linux=10.0
NetApp Hci Management Node
NetApp Solidfire
Oracle Communications Session Border Controller=8.2
Oracle Communications Session Border Controller=8.3
Oracle Communications Session Border Controller=8.4
Oracle Communications Session Border Controller=9.0
All of the following
SonicWall Sma1000 Firmware<=12.4.2-02044
SonicWall SMA1000
SonicWall Sma1000 Firmware<=12.4.2-02044
SonicWall SMA1000
debian/linux
5.10.223-15.10.234-16.1.129-16.1.135-16.12.25-1

Remediation

Information

Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.

Patch Available

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4

Patch Available

https://github.com/torvalds/linux/commit/8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b

Patch Available

https://www.oracle.com/security-alerts/cpujan2022.html

Event History

Jun 10, 2021
Data Sourced
via Red Hat·08:17 AM
DescriptionSeverityAffected Software
Jul 20, 2021
CVE Published
12:00 PM
CVE Published
via MITRE·06:01 PM
Data Sourced
via MITRE·06:01 PM
Description
Dec 6, 2021
Data Sourced
via Android·12:00 AM
SeverityWeaknessAffected Software
Jan 11, 2024
Data Sourced
via Launchpad·11:57 PM
Description
Apr 28, 2025
Data Sourced
via Ubuntu·03:47 AM
RemedyDescriptionSeverityAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2021-33909?

CVE-2021-33909 is classified as a high severity vulnerability that allows local privilege escalation due to an out-of-bounds write flaw in the Linux kernel.

2

How do I fix CVE-2021-33909?

To mitigate CVE-2021-33909, users should update to the recommended kernel versions provided by their Linux distribution.

3

What impact does CVE-2021-33909 have on affected systems?

CVE-2021-33909 can lead to system crashes, leakage of internal kernel information, and privilege escalation for local attackers.

4

Is CVE-2021-33909 exploitable remotely?

CVE-2021-33909 is not exploitable remotely as it requires local user privileges to be exploited.

5

Which versions of Linux are affected by CVE-2021-33909?

CVE-2021-33909 affects various versions of the Linux kernel, specifically those prior to the patched versions listed by the respective distributions.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203
CVE-2021-33909 - Integer Overflow - SecAlerts