Integer overflow in Linux kernel

#VU55143 Integer overflow in Linux kernel

Published: 2021-07-21 | Updated: 2021-09-02

Vulnerability identifier: #VU55143

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-33909

CWE-ID:

Exploitation vector: Local

Exploit availability:

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor:

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow during size_t-to-int conversion when creating, mounting, and deleting a deep directory structure whose total path length exceeds 1GB. An unprivileged local user can write up to 10-byte string to an offset of exactly -2GB-10B below the beginning of a vmalloc()ated kernel buffer.

Successful exploitation of vulnerability may allow an attacker to exploit the our-of-bounds write vulnerability to execute arbitrary code with root privileges.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

External links
http://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4
http://github.com/torvalds/linux/commit/8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b
http://www.openwall.com/lists/oss-security/2021/07/20/1

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

Latest bulletins with this vulnerability

Multiple vulnerabilities in Dell EMC VxRail Appliance

ClevOS update for IBM Cloud Object Storage Systems

Multiple vulnerabilities in IBM Netezza Host Management

Privilege escalation in SonicWall SMA 1000

Multiple vulnerabilities in Oracle Communications Session Border Controller

Multiple vulnerabilities in IBM Elastic Storage System

Integer overflow in Linux kernel in F5 BIG-IP and BIG-IQ Centralized Management

SUSE update for the Linux Kernel (Live Patch 19 for SLE 15 SP1)

SUSE update for the Linux Kernel (Live Patch 22 for SLE 15 SP1)

SUSE update for the Linux Kernel (Live Patch 2 for SLE 15 SP3)