CVE-2021-33909 - log

CVE-2021-33909 edited at 26 Aug 2021 09:16:55
References
https://www.qualys.com/2021/07/20/cve-2021-33909/sequoia-local-privilege-escalation-linux.txt
https://www.qualys.com/2021/07/20/cve-2021-33909/cve-2021-33909-crasher.c
+ https://www.qualys.com/2021/07/20/cve-2021-33909/cve-2021-33909-exploit.tar.gz
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.13.4&id=71de462034c69525a5049fbdf3903c5833cbce04
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.19&id=514b6531b1cbb64199db63bfdb80953d71998cca
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.52&id=174c34d9cda1b5818419b8f5a332ced10755e52f
CVE-2021-33909 edited at 20 Jul 2021 15:39:34
Severity
- Medium
+ High
CVE-2021-33909 edited at 20 Jul 2021 15:36:50
Description
- An privilege escalation security issue has been found in the filesystem layer of the Linux kernel. An unprivileged local attacker can obtain full root privileges by creating, mounting, and deleting a deep directory structure whose total path length exceeds 1GB, which leads to an uncontrolled out-of-bounds write.
+ An privilege escalation security issue has been found in the filesystem layer of the Linux kernel before version 5.13.4. An unprivileged local attacker can obtain full root privileges by creating, mounting, and deleting a deep directory structure whose total path length exceeds 1GB, which leads to an uncontrolled out-of-bounds write.
References
https://www.qualys.com/2021/07/20/cve-2021-33909/sequoia-local-privilege-escalation-linux.txt
https://www.qualys.com/2021/07/20/cve-2021-33909/cve-2021-33909-crasher.c
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.13.4&id=71de462034c69525a5049fbdf3903c5833cbce04
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.19&id=514b6531b1cbb64199db63bfdb80953d71998cca
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.52&id=174c34d9cda1b5818419b8f5a332ced10755e52f
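Review bot: The new Description text "before version 5.13.4" is narrower than the References added in the same edit, which point to stable commits tagged v5.13.4, v5.12.19 and v5.10.52. Read literally, the wording marks 5.12.19 and 5.10.52 as affected, so a version check built from the description alone would flag kernels that already carry the fix. Suggest naming the fixed release per stable series, for example "before versions 5.13.4, 5.12.19 and 5.10.52". Also, the sentence still opens with "An privilege escalation", which should read "A privilege escalation".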
CVE-2021-33909 edited at 20 Jul 2021 13:18:19
Type
- Arbitrary code execution
+ Privilege escalation
Description
- An arbitrary code execution security issue has been found in the seq_set_overflow() function of the Linux kernel.
+ An privilege escalation security issue has been found in the filesystem layer of the Linux kernel. An unprivileged local attacker can obtain full root privileges by creating, mounting, and deleting a deep directory structure whose total path length exceeds 1GB, which leads to an uncontrolled out-of-bounds write.
References
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2021-33909
+ https://www.qualys.com/2021/07/20/cve-2021-33909/sequoia-local-privilege-escalation-linux.txt
+ https://www.qualys.com/2021/07/20/cve-2021-33909/cve-2021-33909-crasher.c
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b
CVE-2021-33909 edited at 20 Jul 2021 12:34:23
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Arbitrary code execution
Description
+ An arbitrary code execution security issue has been found in the seq_set_overflow() function of the Linux kernel.
References
+ https://bugzilla.suse.com/show_bug.cgi?id=CVE-2021-33909
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b
CVE-2021-33909 created at 20 Jul 2021 12:31:42
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes