CVE-2021-33909

Source
Severity High
Remote No
Type Privilege escalation
Description
A privilege escalation security issue has been found in the filesystem layer of the Linux kernel before version 5.13.4. An unprivileged local attacker can obtain full root privileges by creating, mounting, and deleting a deep directory structure whose total path length exceeds 1GB, which leads to an uncontrolled out-of-bounds write.
Group     Package         Affected             Fixed                Severity  Status  Ticket
AVG-2184  linux-lts       5.10.51-1            5.10.52-1            High      Fixed
AVG-2183  linux-hardened  5.12.18.hardened1-1  5.12.19.hardened1-1  High      Fixed
AVG-2182  linux-zen       5.13.1.zen1-1        5.13.4.zen1-1        High      Fixed
AVG-2181  linux           5.13.1.arch1-1       5.13.4.arch1-1       High      Fixed
Date         Advisory       Group     Package         Severity  Type
21 Jul 2021  ASA-202107-51  AVG-2184  linux-lts       High      privilege escalation
21 Jul 2021  ASA-202107-50  AVG-2183  linux-hardened  High      privilege escalation
21 Jul 2021  ASA-202107-49  AVG-2182  linux-zen       High      privilege escalation
21 Jul 2021  ASA-202107-48  AVG-2181  linux           High      privilege escalation
References
https://www.qualys.com/2021/07/20/cve-2021-33909/sequoia-local-privilege-escalation-linux.txt
https://www.qualys.com/2021/07/20/cve-2021-33909/cve-2021-33909-crasher.c
https://www.qualys.com/2021/07/20/cve-2021-33909/cve-2021-33909-exploit.tar.gz
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.13.4&id=71de462034c69525a5049fbdf3903c5833cbce04
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.19&id=514b6531b1cbb64199db63bfdb80953d71998cca
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.52&id=174c34d9cda1b5818419b8f5a332ced10755e52f