1. Home
  2. Vulnerabilities
  3. CVE-2021-33909

CVE-2021-33909

CVSS v3.1 7.8 (High)
78% Progress
CVSS v2.0 7.2 (High)
72% Progress
EPSS 0.19 % (57th)
0.19% Progress
Affected Products 8
Advisories 63
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.

Weaknesses
CWE-190
Integer Overflow or Wraparound
CWE-787
Out-of-bounds Write
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2021-07-20 19:15:09
(3 years ago)
Updated Date
2023-11-07 03:35:56
(10 months ago)

Affected Products

Debian

Fedoraproject

Linux

Netapp

Oracle

Sonicwall

Configuration #1

    CPE23 From Up To
  Linux Kernel from 3.12.43 version and prior 3.13 version cpe:2.3:o:linux:linux_kernel >= 3.12.43 < 3.13
  Linux Kernel from 3.16 version and prior 4.4.276 version cpe:2.3:o:linux:linux_kernel >= 3.16 < 4.4.276
  Linux Kernel from 4.5 version and prior 4.9.276 version cpe:2.3:o:linux:linux_kernel >= 4.5 < 4.9.276
  Linux Kernel from 4.10 version and prior 4.14.240 version cpe:2.3:o:linux:linux_kernel >= 4.10 < 4.14.240
  Linux Kernel from 4.15 version and prior 4.19.198 version cpe:2.3:o:linux:linux_kernel >= 4.15 < 4.19.198
  Linux Kernel from 4.20 version and prior 5.4.134 version cpe:2.3:o:linux:linux_kernel >= 4.20 < 5.4.134
  Linux Kernel from 5.5 version and prior 5.10.52 version cpe:2.3:o:linux:linux_kernel >= 5.5 < 5.10.52
  Linux Kernel from 5.11 version and prior 5.12.19 version cpe:2.3:o:linux:linux_kernel >= 5.11 < 5.12.19
  Linux Kernel from 5.13 version and prior 5.13.4 version cpe:2.3:o:linux:linux_kernel >= 5.13 < 5.13.4

Configuration #2

    CPE23 From Up To
  Fedoraproject Fedora 34 cpe:2.3:o:fedoraproject:fedora:34

Configuration #3

    CPE23 From Up To
  Debian Linux 9.0 cpe:2.3:o:debian:debian_linux:9.0
  Debian Linux 10.0 cpe:2.3:o:debian:debian_linux:10.0

Configuration #4

    CPE23 From Up To
  Netapp Hci Management Node cpe:2.3:a:netapp:hci_management_node:-
  Netapp Solidfire cpe:2.3:a:netapp:solidfire:-

Configuration #5

    CPE23 From Up To
  Oracle Communications Session Border Controller 8.2 cpe:2.3:a:oracle:communications_session_border_controller:8.2
  Oracle Communications Session Border Controller 8.3 cpe:2.3:a:oracle:communications_session_border_controller:8.3
  Oracle Communications Session Border Controller 8.4 cpe:2.3:a:oracle:communications_session_border_controller:8.4
  Oracle Communications Session Border Controller 9.0 cpe:2.3:a:oracle:communications_session_border_controller:9.0

Configuration #6

AND
    CPE23 From Up To
OR  
  Sonicwall Sma1000 Firmware 12.4.2-02044 and prior versions cpe:2.3:o:sonicwall:sma1000_firmware <= 12.4.2-02044
OR  
  Running on/with
  Sonicwall Sma1000 cpe:2.3:h:sonicwall:sma1000:-