Main Vulnerability Database Exploits ID:6697 - Exploit for Integer overflow in Linux kernel - CVE-2021-33909

ID:6697 - Exploit for Integer overflow in Linux kernel - CVE-2021-33909

Published: September 2, 2021

Vulnerability identifier: #VU55143

Vulnerability risk: Low

CVE-ID: CVE-2021-33909

CWE-ID: CWE-190

Exploitation vector: Local access

Vulnerable software:
Linux kernel

Link to public exploit:

https://github.com/ChrisTheCoolHut/CVE-2021-33909

Vulnerability description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow during size_t-to-int conversion when creating, mounting, and deleting a deep directory structure whose total path length exceeds 1GB. An unprivileged local user can write up to 10-byte string to an offset of exactly -2GB-10B below the beginning of a vmalloc()ated kernel buffer.

Successful exploitation of vulnerability may allow an attacker to exploit the our-of-bounds write vulnerability to execute arbitrary code with root privileges.

Remediation

Install updates from vendor's website.

ID:6697 - Exploit for Integer overflow in Linux kernel - CVE-2021-33909

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human