Vulnerability-Lookup

WID-SEC-W-2022-0965

Vulnerability from csaf_certbund - Published: 2021-07-20 22:00 - Updated: 2026-03-11 23:00

Summary

Linux Kernel: Schwachstelle ermöglicht Privilegieneskalation

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Der Kernel stellt den Kern des Linux Betriebssystems dar. Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution. Ubuntu Linux ist die Linux Distribution des Herstellers Canonical.

Angriff: Ein lokaler Angreifer kann eine Schwachstelle im Linux Kernel, Red Hat Enterprise Linux und Ubuntu Linux ausnutzen, um seine Privilegien zu erhöhen.

Betroffene Betriebssysteme: - Appliance - Linux

CVE-2021-33909

Affected products

Known affected 20 products

Product	Identifier	Version
Avaya Aura Experience Portal Avaya	`cpe:/a:avaya:aura_experience_portal:-`	—
NetApp AFF Baseboard Management Controller NetApp / AFF	`cpe:/h:netapp:aff:::baseboard_management_controller`	Baseboard Management Controller
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Avaya Breeze Platform Avaya	`cpe:/a:avaya:breeze_platform:-`	—
Open Source Arch Linux Open Source	`cpe:/o:archlinux:archlinux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Avaya Session Border Controller Avaya	`cpe:/h:avaya:session_border_controller:-`	—
Extreme Networks Extreme Management Center Extreme Networks	`cpe:/a:extremenetworks:netsight:-`	—
Open Source Linux Kernel <5.13.4 Open Source / Linux Kernel		<5.13.4
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
NetApp FAS Baseboard Management Controller NetApp / FAS	`cpe:/h:netapp:fas:baseboard_management_controller`	Baseboard Management Controller
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Avaya one-X Avaya	`cpe:/a:avaya:one-x:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
F5 BIG-IP F5	`cpe:/a:f5:big-ip:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
SonicWall SMA <12.4.2-05082 SonicWall / SMA		<12.4.2-05082
Extreme Networks ExtremeXOS Extreme Networks	`cpe:/o:extremenetworks:extremexos:-`	—
Meinberg LANTIME <6.24.029 Meinberg / LANTIME		<6.24.029
Meinberg LANTIME <7.04.008 Meinberg / LANTIME		<7.04.008

References

84 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://access.redhat.com/security/cve/CVE-2021-33909	external
https://access.redhat.com/errata/RHSA-2021:2722	external
https://access.redhat.com/errata/RHSA-2021:2723	external
https://access.redhat.com/errata/RHSA-2021:2714	external
https://access.redhat.com/errata/RHSA-2021:2715	external
https://access.redhat.com/errata/RHSA-2021:2716	external
https://access.redhat.com/errata/RHSA-2021:2727	external
https://access.redhat.com/errata/RHSA-2021:2728	external
https://access.redhat.com/errata/RHSA-2021:2729	external
https://access.redhat.com/errata/RHSA-2021:2730	external
https://access.redhat.com/errata/RHSA-2021:2731	external
https://access.redhat.com/errata/RHSA-2021:2732	external
https://access.redhat.com/errata/RHSA-2021:2733	external
https://access.redhat.com/errata/RHSA-2021:2734	external
https://access.redhat.com/errata/RHSA-2021:2735	external
https://ubuntu.com/security/notices/USN-5014-1	external
https://ubuntu.com/security/notices/USN-5015-1	external
https://ubuntu.com/security/notices/USN-5016-1	external
https://ubuntu.com/security/notices/USN-5017-1	external
https://ubuntu.com/security/notices/USN-5018-1	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://alas.aws.amazon.com/ALAS-2021-1524.html	external
https://alas.aws.amazon.com/AL2/ALAS-2021-1691.html	external
https://alas.aws.amazon.com/AL2/ALASLIVEPATCH-202…	external
https://alas.aws.amazon.com/AL2/ALASLIVEPATCH-202…	external
https://alas.aws.amazon.com/AL2/ALASLIVEPATCH-202…	external
https://alas.aws.amazon.com/AL2/ALASLIVEPATCH-202…	external
https://alas.aws.amazon.com/AL2/ALASLIVEPATCH-202…	external
http://linux.oracle.com/errata/ELSA-2021-2725.html	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://security.archlinux.org/ASA-202107-49	external
https://security.archlinux.org/ASA-202107-51	external
https://security.archlinux.org/ASA-202107-50	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://security.archlinux.org/ASA-202107-48	external
https://access.redhat.com/errata/RHSA-2021:2737	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://access.redhat.com/errata/RHSA-2021:2736	external
http://linux.oracle.com/errata/ELSA-2021-9368.html	external
http://linux.oracle.com/errata/ELSA-2021-9369.html	external
http://linux.oracle.com/errata/ELSA-2021-9370.html	external
http://linux.oracle.com/errata/ELSA-2021-9371.html	external
http://linux.oracle.com/errata/ELSA-2021-9372.html	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://oss.oracle.com/pipermail/oraclevm-errata/…	external
https://kb.igel.com/securitysafety/en/isn-2021-04…	external
https://access.redhat.com/errata/RHSA-2021:2763	external
http://linux.oracle.com/errata/ELSA-2021-9374.html	external
https://ubuntu.com/security/notices/LSN-0079-1	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://support.f5.com/csp/article/K75133288	external
https://lists.suse.com/pipermail/sle-security-upd…	external
http://linux.oracle.com/errata/ELSA-2021-9395.html	external
https://access.redhat.com/errata/RHSA-2021:3016	external
https://oss.oracle.com/pipermail/oraclevm-errata/…	external
http://linux.oracle.com/errata/ELSA-2021-9404.html	external
http://linux.oracle.com/errata/ELSA-2021-9406.html	external
https://oss.oracle.com/pipermail/oraclevm-errata/…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://access.redhat.com/errata/RHSA-2021:3119	external
http://linux.oracle.com/errata/ELSA-2021-9407.html	external
http://linux.oracle.com/errata/ELSA-2021-3057.html	external
http://linux.oracle.com/errata/ELSA-2021-9410.html	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://access.redhat.com/errata/RHSA-2021:3259	external
https://downloads.avaya.com/css/P8/documents/101077234	external
https://ubuntu.com/security/notices/LSN-0081-1	external
https://extremeportal.force.com/ExtrArticleDetail…	external
https://access.redhat.com/errata/RHSA-2021:4356	external
https://www.meinberg.de/german/news/meinberg-secu…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://ubuntu.com/security/notices/LSN-0083-1	external
https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-20…	external
https://alas.aws.amazon.com/AL2/ALASKERNEL-5.10-2…	external
https://psirt.global.sonicwall.com/vuln-detail/SN…	external
http://linux.oracle.com/errata/ELSA-2022-9999.html	external
https://security.netapp.com/advisory/NTAP-20210819-0004	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.\r\nRed Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.\r\nUbuntu Linux ist die Linux Distribution des Herstellers Canonical.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann eine Schwachstelle im Linux Kernel, Red Hat Enterprise Linux und Ubuntu Linux ausnutzen, um seine Privilegien zu erh\u00f6hen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Appliance\n- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2022-0965 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2022-0965.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2022-0965 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0965"
      },
      {
        "category": "external",
        "summary": "RedHat Security Advisory vom 2021-07-20",
        "url": "https://access.redhat.com/security/cve/CVE-2021-33909"
      },
      {
        "category": "external",
        "summary": "RedHat Security Advisory vom 2021-07-20",
        "url": "https://access.redhat.com/errata/RHSA-2021:2722"
      },
      {
        "category": "external",
        "summary": "RedHat Security Advisory vom 2021-07-20",
        "url": "https://access.redhat.com/errata/RHSA-2021:2723"
      },
      {
        "category": "external",
        "summary": "RedHat Security Advisory vom 2021-07-20",
        "url": "https://access.redhat.com/errata/RHSA-2021:2714"
      },
      {
        "category": "external",
        "summary": "RedHat Security Advisory vom 2021-07-20",
        "url": "https://access.redhat.com/errata/RHSA-2021:2715"
      },
      {
        "category": "external",
        "summary": "RedHat Security Advisory vom 2021-07-20",
        "url": "https://access.redhat.com/errata/RHSA-2021:2716"
      },
      {
        "category": "external",
        "summary": "RedHat Security Advisory vom 2021-07-20",
        "url": "https://access.redhat.com/errata/RHSA-2021:2727"
      },
      {
        "category": "external",
        "summary": "RedHat Security Advisory vom 2021-07-20",
        "url": "https://access.redhat.com/errata/RHSA-2021:2728"
      },
      {
        "category": "external",
        "summary": "RedHat Security Advisory vom 2021-07-20",
        "url": "https://access.redhat.com/errata/RHSA-2021:2729"
      },
      {
        "category": "external",
        "summary": "RedHat Security Advisory vom 2021-07-20",
        "url": "https://access.redhat.com/errata/RHSA-2021:2730"
      },
      {
        "category": "external",
        "summary": "RedHat Security Advisory vom 2021-07-20",
        "url": "https://access.redhat.com/errata/RHSA-2021:2731"
      },
      {
        "category": "external",
        "summary": "RedHat Security Advisory vom 2021-07-20",
        "url": "https://access.redhat.com/errata/RHSA-2021:2732"
      },
      {
        "category": "external",
        "summary": "RedHat Security Advisory vom 2021-07-20",
        "url": "https://access.redhat.com/errata/RHSA-2021:2733"
      },
      {
        "category": "external",
        "summary": "RedHat Security Advisory vom 2021-07-20",
        "url": "https://access.redhat.com/errata/RHSA-2021:2734"
      },
      {
        "category": "external",
        "summary": "RedHat Security Advisory vom 2021-07-20",
        "url": "https://access.redhat.com/errata/RHSA-2021:2735"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Advisory vom 2021-07-20",
        "url": "https://ubuntu.com/security/notices/USN-5014-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Advisory vom 2021-07-20",
        "url": "https://ubuntu.com/security/notices/USN-5015-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Advisory vom 2021-07-20",
        "url": "https://ubuntu.com/security/notices/USN-5016-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Advisory vom 2021-07-20",
        "url": "https://ubuntu.com/security/notices/USN-5017-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Advisory vom 2021-07-20",
        "url": "https://ubuntu.com/security/notices/USN-5018-1"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:2427-1 vom 2021-07-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-July/009190.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2021-1524 vom 2021-07-22",
        "url": "https://alas.aws.amazon.com/ALAS-2021-1524.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2021-1691 vom 2021-07-21",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2021-1691.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALASLIVEPATCH-2021-059 vom 2021-07-21",
        "url": "https://alas.aws.amazon.com/AL2/ALASLIVEPATCH-2021-059.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALASLIVEPATCH-2021-055 vom 2021-07-21",
        "url": "https://alas.aws.amazon.com/AL2/ALASLIVEPATCH-2021-055.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALASLIVEPATCH-2021-056 vom 2021-07-21",
        "url": "https://alas.aws.amazon.com/AL2/ALASLIVEPATCH-2021-056.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALASLIVEPATCH-2021-057 vom 2021-07-21",
        "url": "https://alas.aws.amazon.com/AL2/ALASLIVEPATCH-2021-057.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALASLIVEPATCH-2021-058 vom 2021-07-21",
        "url": "https://alas.aws.amazon.com/AL2/ALASLIVEPATCH-2021-058.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-2725 vom 2021-07-22",
        "url": "http://linux.oracle.com/errata/ELSA-2021-2725.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:2438-1 vom 2021-07-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-July/009194.html"
      },
      {
        "category": "external",
        "summary": "Arch Linux Security Advisory ASA-202107-49 vom 2021-07-22",
        "url": "https://security.archlinux.org/ASA-202107-49"
      },
      {
        "category": "external",
        "summary": "Arch Linux Security Advisory ASA-202107-51 vom 2021-07-22",
        "url": "https://security.archlinux.org/ASA-202107-51"
      },
      {
        "category": "external",
        "summary": "Arch Linux Security Advisory ASA-202107-50 vom 2021-07-22",
        "url": "https://security.archlinux.org/ASA-202107-50"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:2421-1 vom 2021-07-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-July/009183.html"
      },
      {
        "category": "external",
        "summary": "Arch Linux Security Advisory ASA-202107-48 vom 2021-07-22",
        "url": "https://security.archlinux.org/ASA-202107-48"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:2737 vom 2021-07-21",
        "url": "https://access.redhat.com/errata/RHSA-2021:2737"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:2422-1 vom 2021-07-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-July/009191.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:2736 vom 2021-07-22",
        "url": "https://access.redhat.com/errata/RHSA-2021:2736"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-9368 vom 2021-07-22",
        "url": "http://linux.oracle.com/errata/ELSA-2021-9368.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-9369 vom 2021-07-22",
        "url": "http://linux.oracle.com/errata/ELSA-2021-9369.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-9370 vom 2021-07-22",
        "url": "http://linux.oracle.com/errata/ELSA-2021-9370.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-9371 vom 2021-07-22",
        "url": "http://linux.oracle.com/errata/ELSA-2021-9371.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-9372 vom 2021-07-23",
        "url": "http://linux.oracle.com/errata/ELSA-2021-9372.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:2451-1 vom 2021-07-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-July/009203.html"
      },
      {
        "category": "external",
        "summary": "ORACLE OVMSA-2021-0023 vom 2021-07-22",
        "url": "https://oss.oracle.com/pipermail/oraclevm-errata/2021-July/001024.html"
      },
      {
        "category": "external",
        "summary": "IGEL Security Notice ISN-2021-04 vom 2021-07-23",
        "url": "https://kb.igel.com/securitysafety/en/isn-2021-04-igel-os-kernel-privilege-escalation-47715888.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:2763 vom 2021-07-26",
        "url": "https://access.redhat.com/errata/RHSA-2021:2763"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-9374 vom 2021-07-27",
        "url": "http://linux.oracle.com/errata/ELSA-2021-9374.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice LSN-0079-1 vom 2021-07-26",
        "url": "https://ubuntu.com/security/notices/LSN-0079-1"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:2487-1 vom 2021-07-27",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-July/009222.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:2538-1 vom 2021-07-27",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-July/009221.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:2542-1 vom 2021-07-28",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-July/009226.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:2559-1 vom 2021-07-29",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-July/009233.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:2560-1 vom 2021-07-29",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-July/009230.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:2577-1 vom 2021-07-30",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-July/009234.html"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory K75133288 vom 2021-08-03",
        "url": "https://support.f5.com/csp/article/K75133288"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:2584-1 vom 2021-08-02",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-August/009239.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-9395 vom 2021-08-04",
        "url": "http://linux.oracle.com/errata/ELSA-2021-9395.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:3016 vom 2021-08-06",
        "url": "https://access.redhat.com/errata/RHSA-2021:3016"
      },
      {
        "category": "external",
        "summary": "ORACLE OVMSA-2021-0025 vom 2021-08-09",
        "url": "https://oss.oracle.com/pipermail/oraclevm-errata/2021-August/001026.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-9404 vom 2021-08-10",
        "url": "http://linux.oracle.com/errata/ELSA-2021-9404.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-9406 vom 2021-08-10",
        "url": "http://linux.oracle.com/errata/ELSA-2021-9406.html"
      },
      {
        "category": "external",
        "summary": "ORACLE OVMSA-2021-0025 vom 2021-08-09",
        "url": "https://oss.oracle.com/pipermail/oraclevm-errata/2021-August/001027.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:2643-1 vom 2021-08-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-August/009279.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:3119 vom 2021-08-10",
        "url": "https://access.redhat.com/errata/RHSA-2021:3119"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-9407 vom 2021-08-11",
        "url": "http://linux.oracle.com/errata/ELSA-2021-9407.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-3057 vom 2021-08-12",
        "url": "http://linux.oracle.com/errata/ELSA-2021-3057.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-9410 vom 2021-08-11",
        "url": "http://linux.oracle.com/errata/ELSA-2021-9410.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:2678-1 vom 2021-08-12",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-August/009288.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:3259 vom 2021-08-25",
        "url": "https://access.redhat.com/errata/RHSA-2021:3259"
      },
      {
        "category": "external",
        "summary": "AVAYA Security Advisory ASA-2021-100 vom 2021-08-25",
        "url": "https://downloads.avaya.com/css/P8/documents/101077234"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice LSN-0081-1 vom 2021-09-13",
        "url": "https://ubuntu.com/security/notices/LSN-0081-1"
      },
      {
        "category": "external",
        "summary": "ExtremeNetworks Vulnerability Notice VN-2021-462 vom 2021-09-21",
        "url": "https://extremeportal.force.com/ExtrArticleDetail?an=000099120"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:4356 vom 2021-11-09",
        "url": "https://access.redhat.com/errata/RHSA-2021:4356"
      },
      {
        "category": "external",
        "summary": "Meinberg Security Advisory MBGSA-2021.03 vom 2021-11-15",
        "url": "https://www.meinberg.de/german/news/meinberg-security-advisory-mbgsa-2021-03-meinberg-lantime-firmware-v7-04-008-und-v6-24-029.htm"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:3876-1 vom 2021-12-02",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-December/009810.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice LSN-0083-1 vom 2022-01-06",
        "url": "https://ubuntu.com/security/notices/LSN-0083-1"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALASKERNEL-5.4-2022-005 vom 2022-01-31",
        "url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2022-005.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALASKERNEL-5.10-2022-003 vom 2022-01-31",
        "url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.10-2022-003.html"
      },
      {
        "category": "external",
        "summary": "SonicWall Security Advisory SNWLID-2022-0015 vom 2022-08-09",
        "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0015"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2022-9999 vom 2022-11-16",
        "url": "http://linux.oracle.com/errata/ELSA-2022-9999.html"
      },
      {
        "category": "external",
        "summary": "NetApp Security Advisory NTAP-20210819-0004 vom 2026-03-11",
        "url": "https://security.netapp.com/advisory/NTAP-20210819-0004"
      }
    ],
    "source_lang": "en-US",
    "title": "Linux Kernel: Schwachstelle erm\u00f6glicht Privilegieneskalation",
    "tracking": {
      "current_release_date": "2026-03-11T23:00:00.000+00:00",
      "generator": {
        "date": "2026-03-12T10:16:39.740+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2022-0965",
      "initial_release_date": "2021-07-20T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2021-07-20T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2021-07-21T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von SUSE, Amazon, Oracle Linux, Arch Linux und Red Hat aufgenommen"
        },
        {
          "date": "2021-07-22T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Red Hat, Oracle Linux, SUSE und ORACLE aufgenommen"
        },
        {
          "date": "2021-07-26T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Red Hat, Oracle Linux und Ubuntu aufgenommen"
        },
        {
          "date": "2021-07-27T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2021-07-28T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2021-07-29T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2021-08-01T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2021-08-02T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von F5 und SUSE aufgenommen"
        },
        {
          "date": "2021-08-03T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2021-08-05T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2021-08-09T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von ORACLE und Oracle Linux aufgenommen"
        },
        {
          "date": "2021-08-10T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von SUSE und Red Hat aufgenommen"
        },
        {
          "date": "2021-08-11T22:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2021-08-12T22:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2021-08-24T22:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2021-08-26T22:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von AVAYA aufgenommen"
        },
        {
          "date": "2021-09-13T22:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2021-09-21T22:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von ExtremeNetworks aufgenommen"
        },
        {
          "date": "2021-11-09T23:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2021-11-14T23:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von Meinberg aufgenommen"
        },
        {
          "date": "2021-12-02T23:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2022-01-06T23:00:00.000+00:00",
          "number": "23",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2022-01-30T23:00:00.000+00:00",
          "number": "24",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2022-08-09T22:00:00.000+00:00",
          "number": "25",
          "summary": "Neue Updates von SonicWall aufgenommen"
        },
        {
          "date": "2022-11-16T23:00:00.000+00:00",
          "number": "26",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2026-03-11T23:00:00.000+00:00",
          "number": "27",
          "summary": "Neue Updates von NetApp aufgenommen"
        }
      ],
      "status": "final",
      "version": "27"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Avaya Aura Experience Portal",
            "product": {
              "name": "Avaya Aura Experience Portal",
              "product_id": "T015519",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:aura_experience_portal:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya Breeze Platform",
            "product": {
              "name": "Avaya Breeze Platform",
              "product_id": "T015823",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:breeze_platform:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya Session Border Controller",
            "product": {
              "name": "Avaya Session Border Controller",
              "product_id": "T015520",
              "product_identification_helper": {
                "cpe": "cpe:/h:avaya:session_border_controller:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya one-X",
            "product": {
              "name": "Avaya one-X",
              "product_id": "1024",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:one-x:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Avaya"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Extreme Networks Extreme Management Center",
            "product": {
              "name": "Extreme Networks Extreme Management Center",
              "product_id": "T020454",
              "product_identification_helper": {
                "cpe": "cpe:/a:extremenetworks:netsight:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Extreme Networks ExtremeXOS",
            "product": {
              "name": "Extreme Networks ExtremeXOS",
              "product_id": "T020452",
              "product_identification_helper": {
                "cpe": "cpe:/o:extremenetworks:extremexos:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Extreme Networks"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "F5 BIG-IP",
            "product": {
              "name": "F5 BIG-IP",
              "product_id": "T001663",
              "product_identification_helper": {
                "cpe": "cpe:/a:f5:big-ip:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "F5"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IGEL OS",
            "product": {
              "name": "IGEL OS",
              "product_id": "T017865",
              "product_identification_helper": {
                "cpe": "cpe:/o:igel:os:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "IGEL"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c7.04.008",
                "product": {
                  "name": "Meinberg LANTIME \u003c7.04.008",
                  "product_id": "T021044"
                }
              },
              {
                "category": "product_version",
                "name": "7.04.008",
                "product": {
                  "name": "Meinberg LANTIME 7.04.008",
                  "product_id": "T021044-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:meinberg:lantime:7.04.008"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.24.029",
                "product": {
                  "name": "Meinberg LANTIME \u003c6.24.029",
                  "product_id": "T021045"
                }
              },
              {
                "category": "product_version",
                "name": "6.24.029",
                "product": {
                  "name": "Meinberg LANTIME 6.24.029",
                  "product_id": "T021045-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:meinberg:lantime:6.24.029"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "LANTIME"
          }
        ],
        "category": "vendor",
        "name": "Meinberg"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Baseboard Management Controller",
                "product": {
                  "name": "NetApp AFF Baseboard Management Controller",
                  "product_id": "T025086",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:netapp:aff:::baseboard_management_controller"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "AFF"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Baseboard Management Controller",
                "product": {
                  "name": "NetApp FAS Baseboard Management Controller",
                  "product_id": "T043535",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:netapp:fas:baseboard_management_controller"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FAS"
          }
        ],
        "category": "vendor",
        "name": "NetApp"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source Arch Linux",
            "product": {
              "name": "Open Source Arch Linux",
              "product_id": "T013312",
              "product_identification_helper": {
                "cpe": "cpe:/o:archlinux:archlinux:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c5.13.4",
                "product": {
                  "name": "Open Source Linux Kernel \u003c5.13.4",
                  "product_id": "T019930"
                }
              },
              {
                "category": "product_version",
                "name": "5.13.4",
                "product": {
                  "name": "Open Source Linux Kernel 5.13.4",
                  "product_id": "T019930-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:5.13.4"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Linux Kernel"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c12.4.2-05082",
                "product": {
                  "name": "SonicWall SMA \u003c12.4.2-05082",
                  "product_id": "T024258"
                }
              },
              {
                "category": "product_version",
                "name": "12.4.2-05082",
                "product": {
                  "name": "SonicWall SMA 12.4.2-05082",
                  "product_id": "T024258-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:sonicwall:secure_mobile_access:12.4.2-05082"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SMA"
          }
        ],
        "category": "vendor",
        "name": "SonicWall"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-33909",
      "product_status": {
        "known_affected": [
          "T015519",
          "T025086",
          "67646",
          "T015823",
          "T013312",
          "T004914",
          "T015520",
          "T020454",
          "T019930",
          "T002207",
          "T043535",
          "T017865",
          "1024",
          "T000126",
          "T001663",
          "398363",
          "T024258",
          "T020452",
          "T021045",
          "T021044"
        ]
      },
      "release_date": "2021-07-20T22:00:00.000+00:00",
      "title": "CVE-2021-33909"
    }
  ]
}

CVE-2021-33909 (GCVE-0-2021-33909)

Vulnerability from cvelistv5 – Published: 2021-07-20 18:01 – Updated: 2024-08-04 00:05

Summary

fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

20 references

URL	Tags
https://lists.debian.org/debian-lts-announce/2021…	mailing-listx_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2021…	mailing-listx_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2021…	mailing-listx_refsource_MLIST
https://www.debian.org/security/2021/dsa-4941	vendor-advisoryx_refsource_DEBIAN
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
http://www.openwall.com/lists/oss-security/2021/07/22/7	mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2021/0…	mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2021/09/17/2	mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2021/09/17/4	mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2021/09/21/1	mailing-listx_refsource_MLIST
https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
https://www.openwall.com/lists/oss-security/2021/…	x_refsource_MISC
https://github.com/torvalds/linux/commit/8cae8cd8…	x_refsource_CONFIRM
https://cdn.kernel.org/pub/linux/kernel/v5.x/Chan…	x_refsource_CONFIRM
http://packetstormsecurity.com/files/163621/Sequo…	x_refsource_MISC
http://packetstormsecurity.com/files/163671/Kerne…	x_refsource_MISC
https://security.netapp.com/advisory/ntap-2021081…	x_refsource_CONFIRM
http://packetstormsecurity.com/files/164155/Kerne…	x_refsource_MISC
http://packetstormsecurity.com/files/165477/Kerne…	x_refsource_MISC
https://psirt.global.sonicwall.com/vuln-detail/SN…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:05:52.143Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20210720 [SECURITY] [DLA 2713-2] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00016.html"
          },
          {
            "name": "[debian-lts-announce] 20210720 [SECURITY] [DLA 2713-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00014.html"
          },
          {
            "name": "[debian-lts-announce] 20210720 [SECURITY] [DLA 2714-1] linux-4.19 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00015.html"
          },
          {
            "name": "DSA-4941",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4941"
          },
          {
            "name": "FEDORA-2021-07dc0b3eb1",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z4UHHIGISO3FVRF4CQNJS4IKA25ATSFU/"
          },
          {
            "name": "[oss-security] 20210722 Re: CVE-2021-33909: size_t-to-int vulnerability in Linux\u0027s filesystem layer",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/07/22/7"
          },
          {
            "name": "[oss-security] 20210825 Re: CVE-2021-33909: size_t-to-int vulnerability in Linux\u0027s filesystem layer",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/08/25/10"
          },
          {
            "name": "[oss-security] 20210916 Containers-optimized OS (COS) membership in the linux-distros list",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/09/17/2"
          },
          {
            "name": "[oss-security] 20210917 Re: Containers-optimized OS (COS) membership in the linux-distros list",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/09/17/4"
          },
          {
            "name": "[oss-security] 20210920 Re: Containers-optimized OS (COS) membership in the linux-distros list",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/09/21/1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2021/07/20/1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/163621/Sequoia-A-Deep-Root-In-Linuxs-Filesystem-Layer.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/163671/Kernel-Live-Patch-Security-Notice-LSN-0079-1.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210819-0004/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/164155/Kernel-Live-Patch-Security-Notice-LSN-0081-1.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165477/Kernel-Live-Patch-Security-Notice-LSN-0083-1.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0015"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-09T21:06:18.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20210720 [SECURITY] [DLA 2713-2] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00016.html"
        },
        {
          "name": "[debian-lts-announce] 20210720 [SECURITY] [DLA 2713-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00014.html"
        },
        {
          "name": "[debian-lts-announce] 20210720 [SECURITY] [DLA 2714-1] linux-4.19 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00015.html"
        },
        {
          "name": "DSA-4941",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4941"
        },
        {
          "name": "FEDORA-2021-07dc0b3eb1",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z4UHHIGISO3FVRF4CQNJS4IKA25ATSFU/"
        },
        {
          "name": "[oss-security] 20210722 Re: CVE-2021-33909: size_t-to-int vulnerability in Linux\u0027s filesystem layer",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/07/22/7"
        },
        {
          "name": "[oss-security] 20210825 Re: CVE-2021-33909: size_t-to-int vulnerability in Linux\u0027s filesystem layer",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/08/25/10"
        },
        {
          "name": "[oss-security] 20210916 Containers-optimized OS (COS) membership in the linux-distros list",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/09/17/2"
        },
        {
          "name": "[oss-security] 20210917 Re: Containers-optimized OS (COS) membership in the linux-distros list",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/09/17/4"
        },
        {
          "name": "[oss-security] 20210920 Re: Containers-optimized OS (COS) membership in the linux-distros list",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/09/21/1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2021/07/20/1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/163621/Sequoia-A-Deep-Root-In-Linuxs-Filesystem-Layer.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/163671/Kernel-Live-Patch-Security-Notice-LSN-0079-1.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210819-0004/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/164155/Kernel-Live-Patch-Security-Notice-LSN-0081-1.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/165477/Kernel-Live-Patch-Security-Notice-LSN-0083-1.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0015"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-33909",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20210720 [SECURITY] [DLA 2713-2] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00016.html"
            },
            {
              "name": "[debian-lts-announce] 20210720 [SECURITY] [DLA 2713-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00014.html"
            },
            {
              "name": "[debian-lts-announce] 20210720 [SECURITY] [DLA 2714-1] linux-4.19 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00015.html"
            },
            {
              "name": "DSA-4941",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4941"
            },
            {
              "name": "FEDORA-2021-07dc0b3eb1",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4UHHIGISO3FVRF4CQNJS4IKA25ATSFU/"
            },
            {
              "name": "[oss-security] 20210722 Re: CVE-2021-33909: size_t-to-int vulnerability in Linux\u0027s filesystem layer",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/07/22/7"
            },
            {
              "name": "[oss-security] 20210825 Re: CVE-2021-33909: size_t-to-int vulnerability in Linux\u0027s filesystem layer",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/08/25/10"
            },
            {
              "name": "[oss-security] 20210916 Containers-optimized OS (COS) membership in the linux-distros list",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/09/17/2"
            },
            {
              "name": "[oss-security] 20210917 Re: Containers-optimized OS (COS) membership in the linux-distros list",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/09/17/4"
            },
            {
              "name": "[oss-security] 20210920 Re: Containers-optimized OS (COS) membership in the linux-distros list",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/09/21/1"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.openwall.com/lists/oss-security/2021/07/20/1",
              "refsource": "MISC",
              "url": "https://www.openwall.com/lists/oss-security/2021/07/20/1"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b"
            },
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4",
              "refsource": "CONFIRM",
              "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4"
            },
            {
              "name": "http://packetstormsecurity.com/files/163621/Sequoia-A-Deep-Root-In-Linuxs-Filesystem-Layer.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/163621/Sequoia-A-Deep-Root-In-Linuxs-Filesystem-Layer.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/163671/Kernel-Live-Patch-Security-Notice-LSN-0079-1.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/163671/Kernel-Live-Patch-Security-Notice-LSN-0079-1.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210819-0004/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210819-0004/"
            },
            {
              "name": "http://packetstormsecurity.com/files/164155/Kernel-Live-Patch-Security-Notice-LSN-0081-1.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/164155/Kernel-Live-Patch-Security-Notice-LSN-0081-1.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/165477/Kernel-Live-Patch-Security-Notice-LSN-0083-1.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/165477/Kernel-Live-Patch-Security-Notice-LSN-0083-1.html"
            },
            {
              "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0015",
              "refsource": "CONFIRM",
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0015"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-33909",
    "datePublished": "2021-07-20T18:01:34.000Z",
    "dateReserved": "2021-06-07T00:00:00.000Z",
    "dateUpdated": "2024-08-04T00:05:52.143Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2022-0965

CVE-2021-33909 (GCVE-0-2021-33909)

Tags

Sightings

Nomenclature