--- licence_title: Creative Commons Attribution 4.0 International (CC-BY 4.0) licence_link: https://creativecommons.org/licenses/by/4.0/ licence_restrictions: https://cert.europa.eu/legal-notice licence_author: CERT-EU, The Cybersecurity Service for the European Union institutions, bodies, offices and agencies title: 'Privilege Escalation Vulnerability in Linux Kernel' version: '1.0' number: '2021-040' date: 'July 22, 2021' --- _History:_ * _22/07/2021 --- v1.0 -- Initial publication_ # Summary A vulnerability (CVE-2021-33909) in the Linux kernel filesystem layer may allow local, unprivileged user to gain root privileges on a vulnerable host by exploiting this vulnerability in a default configuration. The vulnerability is dubbed _Sequoia_ [1]. # Technical Details `fs/seq_file.c` file in the affected Linux kernels does not properly restrict seqential buffer allocations, leading to an integer overflow, an out-of-bounds write, and escalation to root by an unprivileged user. Virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. # Affected Products Linux distros using kernel 3.16 through 5.13.x before 5.13.4 # Recommendations Follow the instructions from the specific distro to update. For the most common you can reffer to [2, 3, 4]. CERT-EU recommends updating the vulnerable systems as soon as possible. ## Workaround Qualys, who discoverd this bug, has created an exploit as a PoC as well as mitigations to prevent their specific exploit from working [1]. Other exploitation techniques may exist. To completely fix this vulnerability, the kernel must be patched. # References [1] [2] [3] [4]