Rewterz Threat Advisory – Microsoft Windows Vulnerable to Privilege Escalation
July 21, 2021
Rewterz Threat Advisory – Oracle Patches Critical Vulnerabilities
July 21, 2021
Severity
High
Analysis Summary
CVE-2021-33909
A size_t-to-int conversion vulnerability in the Linux kernel’s filesystem layer: by creating, mounting, and deleting a deep directory structure whose total path length exceeds 1GB, an unprivileged local attacker can write the 10-byte string “//deleted” to an offset of exactly -2GB-10B below the beginning of a vmalloc()ated kernel buffer.
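The arithmetic behind the summary above, as an added example that is not from the original advisory or from kernel source: a constructed model showing how narrowing a 2GB size_t length to int produces the -2GB-10B offset, next to a bounds check that rejects such a length. The doubling growth policy and all function names are assumptions of this model.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model, not kernel code. SUFFIX is the advisory's 10-byte string. */
#define SUFFIX     "//deleted"
#define SUFFIX_LEN ((long long)sizeof(SUFFIX)) /* 9 characters + NUL */

/* Model assumption: the buffer's size_t size doubles until the record fits. */
size_t grow_until_fits(size_t record_len)
{
    size_t size = 4096;
    while (size < record_len)
        size <<= 1;
    return size;
}

/* Callee that takes the length as int and places the suffix at the end of the
 * buffer. Only the offset is computed here; nothing is written. */
static long long suffix_offset(int buflen)
{
    return (long long)buflen - SUFFIX_LEN;
}

/* Flawed form: size_t silently narrowed to int. Out-of-range conversion is
 * implementation-defined; GCC and Clang wrap modulo 2^32. */
long long offset_unchecked(size_t bufsize)
{
    int buflen = (int)bufsize;
    return suffix_offset(buflen);
}

/* Hardened form: reject sizes that an int cannot represent or that cannot
 * hold the suffix. Returns 0 and sets *off on success, -1 otherwise. */
int offset_checked(size_t bufsize, long long *off)
{
    if (bufsize > (size_t)INT_MAX || bufsize < (size_t)SUFFIX_LEN)
        return -1;
    *off = suffix_offset((int)bufsize);
    return 0;
}

int main(void)
{
    size_t size = grow_until_fits(((size_t)1 << 30) + 1); /* just over 1GB */
    long long off = 0;
    printf("%zu %lld %d\n", size, offset_unchecked(size), offset_checked(size, &off));
    return 0;
}
```

In this model a record just over 1GB forces the buffer to 2GB, which no longer fits in an int; the checked variant fails closed instead of computing a negative offset.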
Impact
- Full root privileges
Affected Vendors
Linux
Affected Products
- All Linux kernel versions released since 2014
Remediation
Refer to the Qualys advisory for the complete analysis and mitigation technique.
https://www.qualys.com/2021/07/20/cve-2021-33909/sequoia-local-privilege-escalation-linux.txt