Sign-up

ID

VAR-202107-1361


CVE

CVE-2021-33909


TITLE

Red Hat Security Advisory 2021-2732-01

Trust: 0.1

sources: PACKETSTORM: 163580

DESCRIPTION

fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel security update Advisory ID: RHSA-2021:2732-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:2732 Issue date: 2021-07-20 CVE Names: CVE-2020-28374 CVE-2021-3347 CVE-2021-33034 CVE-2021-33909 ==================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 7.4) - noarch, x86_64 Red Hat Enterprise Linux Server E4S (v. 7.4) - noarch, ppc64le, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.4) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.4) - noarch, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: size_t-to-int conversion vulnerability in the filesystem layer (CVE-2021-33909) * kernel: SCSI target (LIO) write to any block on ILO backstore (CVE-2020-28374) * kernel: Use after free via PI futex state (CVE-2021-3347) * kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan (CVE-2021-33034) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1899804 - CVE-2020-28374 kernel: SCSI target (LIO) write to any block on ILO backstore 1922249 - CVE-2021-3347 kernel: Use after free via PI futex state 1961305 - CVE-2021-33034 kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan 1970273 - CVE-2021-33909 kernel: size_t-to-int conversion vulnerability in the filesystem layer 6. Package List: Red Hat Enterprise Linux Server AUS (v. 7.4): Source: kernel-3.10.0-693.90.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-693.90.2.el7.noarch.rpm kernel-doc-3.10.0-693.90.2.el7.noarch.rpm x86_64: kernel-3.10.0-693.90.2.el7.x86_64.rpm kernel-debug-3.10.0-693.90.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-693.90.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-693.90.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.90.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.90.2.el7.x86_64.rpm kernel-devel-3.10.0-693.90.2.el7.x86_64.rpm kernel-headers-3.10.0-693.90.2.el7.x86_64.rpm kernel-tools-3.10.0-693.90.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.90.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-693.90.2.el7.x86_64.rpm perf-3.10.0-693.90.2.el7.x86_64.rpm perf-debuginfo-3.10.0-693.90.2.el7.x86_64.rpm python-perf-3.10.0-693.90.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.90.2.el7.x86_64.rpm Red Hat Enterprise Linux Server E4S (v. 7.4): Source: kernel-3.10.0-693.90.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-693.90.2.el7.noarch.rpm kernel-doc-3.10.0-693.90.2.el7.noarch.rpm ppc64le: kernel-3.10.0-693.90.2.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-693.90.2.el7.ppc64le.rpm kernel-debug-3.10.0-693.90.2.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-693.90.2.el7.ppc64le.rpm kernel-debuginfo-3.10.0-693.90.2.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-693.90.2.el7.ppc64le.rpm kernel-devel-3.10.0-693.90.2.el7.ppc64le.rpm kernel-headers-3.10.0-693.90.2.el7.ppc64le.rpm kernel-tools-3.10.0-693.90.2.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-693.90.2.el7.ppc64le.rpm kernel-tools-libs-3.10.0-693.90.2.el7.ppc64le.rpm perf-3.10.0-693.90.2.el7.ppc64le.rpm perf-debuginfo-3.10.0-693.90.2.el7.ppc64le.rpm python-perf-3.10.0-693.90.2.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-693.90.2.el7.ppc64le.rpm x86_64: kernel-3.10.0-693.90.2.el7.x86_64.rpm kernel-debug-3.10.0-693.90.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-693.90.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-693.90.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.90.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.90.2.el7.x86_64.rpm kernel-devel-3.10.0-693.90.2.el7.x86_64.rpm kernel-headers-3.10.0-693.90.2.el7.x86_64.rpm kernel-tools-3.10.0-693.90.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.90.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-693.90.2.el7.x86_64.rpm perf-3.10.0-693.90.2.el7.x86_64.rpm perf-debuginfo-3.10.0-693.90.2.el7.x86_64.rpm python-perf-3.10.0-693.90.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.90.2.el7.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 7.4): Source: kernel-3.10.0-693.90.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-693.90.2.el7.noarch.rpm kernel-doc-3.10.0-693.90.2.el7.noarch.rpm x86_64: kernel-3.10.0-693.90.2.el7.x86_64.rpm kernel-debug-3.10.0-693.90.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-693.90.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-693.90.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.90.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.90.2.el7.x86_64.rpm kernel-devel-3.10.0-693.90.2.el7.x86_64.rpm kernel-headers-3.10.0-693.90.2.el7.x86_64.rpm kernel-tools-3.10.0-693.90.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.90.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-693.90.2.el7.x86_64.rpm perf-3.10.0-693.90.2.el7.x86_64.rpm perf-debuginfo-3.10.0-693.90.2.el7.x86_64.rpm python-perf-3.10.0-693.90.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.90.2.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 7.4): x86_64: kernel-debug-debuginfo-3.10.0-693.90.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.90.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.90.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.90.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-693.90.2.el7.x86_64.rpm perf-debuginfo-3.10.0-693.90.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.90.2.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional E4S (v. 7.4): ppc64le: kernel-debug-debuginfo-3.10.0-693.90.2.el7.ppc64le.rpm kernel-debug-devel-3.10.0-693.90.2.el7.ppc64le.rpm kernel-debuginfo-3.10.0-693.90.2.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-693.90.2.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-693.90.2.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-693.90.2.el7.ppc64le.rpm perf-debuginfo-3.10.0-693.90.2.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-693.90.2.el7.ppc64le.rpm x86_64: kernel-debug-debuginfo-3.10.0-693.90.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.90.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.90.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.90.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-693.90.2.el7.x86_64.rpm perf-debuginfo-3.10.0-693.90.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.90.2.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional TUS (v. 7.4): x86_64: kernel-debug-debuginfo-3.10.0-693.90.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.90.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.90.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.90.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-693.90.2.el7.x86_64.rpm perf-debuginfo-3.10.0-693.90.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.90.2.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-28374 https://access.redhat.com/security/cve/CVE-2021-3347 https://access.redhat.com/security/cve/CVE-2021-33034 https://access.redhat.com/security/cve/CVE-2021-33909 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/RHSB-2021-006 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYPc9TtzjgjWX9erEAQj74Q/+MYfqRjICnJdQu26bEvEI/DN5Jt6YNmyM 8nVqaOD0vMaTmdK45RrH7PtEO/S/pm8/jnsDVrGwzSlyTnd6u/MHWOTlqvZvccn0 RBZ2CT2hMAtFjVZxnbKEXoaQW1eM0LFjjyTFTCcp32LydxcZMpXxmn162mCjhVje CtdLcO83TKFwQSE2n4h/DXS1Q11IOayaorc7W6y9V/d9ICEYl0L8hG46Zhui7T18 ylFKrvEwaPO1ZXDJajXlQRGoRgAbtUh1JD40u+R7XGM8dew+dk9hjV8FfdbKY1qv +SUBWlvPUahF3ZHsGFSIUO8442tijsUT3q4WY5xDkWDX4e1iQkLV0xPP2909xA5A noKv+jYhhkOnc7IrTUZDUhnu7qVl5oFhsXqmnHrhSb8/ntDfqwbKIknRmw4NEnIT hrvrSH3jR+gxlPGm7G4pnSujZ3H6pA14z7y6Dwv6BJg4IKkOvTO7SmmYZng9Jm5s efyzvRO3dBaoeFTcIaswmrxgWiCjs5lmj4SWl005uwuMSaeVvYG3EP1/mgDDgh0S PcnBoQqLot7C8U7QJquxUQ/PrxoAOcRcFCxbGG3MaAKq0xda1Rh/cAQhMsgBgQSq uBs6cFVvoQ5ObbGuiHGME39S2Va3T3c6Z3zz6QlBFPkaoxQHDrg5R3eJ8FMuW42m eDqZcy0vJHI=DoiN -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Bug Fix(es): * [CKI kernel builds]: x86 binaries in non-x86 kernel rpms breaks systemtap [7.9.z] (BZ#1975159) 4. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64 3. Bug Fix(es): * RHEL8.2 Snapshot2 - tpm: ibmvtpm: Wait for buffer to be set before proceeding (BZ#1933986) * fnic crash from invalid request pointer (BZ#1961707) * [Azure][RHEL8.4] Two Patches Needed To Enable Azure Host Time-syncing in VMs (BZ#1963051) * RHEL kernel 8.2 and higher are affected by data corruption bug in raid1 arrays using bitmaps. (BZ#1969338) 4. 7) - ppc64le, x86_64 3. Description: This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. ========================================================================= Ubuntu Security Notice USN-5015-1 July 20, 2021 linux-oem-5.10 vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-oem-5.10: Linux kernel for OEM systems Details: It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-33909) Michael Brown discovered that the Xen netback driver in the Linux kernel did not properly handle malformed packets from a network PV frontend, leading to a use-after-free vulnerability. An attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-28691) It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle HCI device initialization failure, leading to a double-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-3564) It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle HCI device detach events, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-3573) It was discovered that the NFC implementation in the Linux kernel did not properly handle failed connect events leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service. (CVE-2021-3587) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: linux-image-5.10.0-1038-oem 5.10.0-1038.40 linux-image-oem-20.04 5.10.0.1038.40 linux-image-oem-20.04b 5.10.0.1038.40 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. (CVE-2021-33909) Or Cohen and Nadav Markus discovered a use-after-free vulnerability in the nfc implementation in the Linux kernel. (CVE-2021-33034) It was discovered that an out-of-bounds (OOB) memory access flaw existed in the f2fs module of the Linux kernel. These packages include redhat-release-virtualization-host. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks

Trust: 1.8

sources: NVD: CVE-2021-33909 // VULMON: CVE-2021-33909 // PACKETSTORM: 163580 // PACKETSTORM: 163583 // PACKETSTORM: 163589 // PACKETSTORM: 163594 // PACKETSTORM: 163596 // PACKETSTORM: 163597 // PACKETSTORM: 163598 // PACKETSTORM: 163602 // PACKETSTORM: 163619

AFFECTED PRODUCTS

vendor:linuxmodel:kernelscope:gteversion:4.20

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:5.5

Trust: 1.0

vendor:oraclemodel:communications session border controllerscope:eqversion:9.0

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:4.5

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:34

Trust: 1.0

vendor:netappmodel:solidfirescope:eqversion: -

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:3.16

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:4.10

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:oraclemodel:communications session border controllerscope:eqversion:8.4

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:3.12.43

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:4.9.276

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:4.14.240

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.4.134

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:5.11

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:5.13

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.12.19

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.13.4

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:4.4.276

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:4.15

Trust: 1.0

vendor:netappmodel:hci management nodescope:eqversion: -

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:3.13

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.10.52

Trust: 1.0

vendor:oraclemodel:communications session border controllerscope:eqversion:8.3

Trust: 1.0

vendor:oraclemodel:communications session border controllerscope:eqversion:8.2

Trust: 1.0

vendor:sonicwallmodel:sma1000scope:lteversion:12.4.2-02044

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:4.19.198

Trust: 1.0

sources: NVD: CVE-2021-33909

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-33909
value: HIGH

Trust: 1.0

VULMON: CVE-2021-33909
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-33909
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

nvd@nist.gov: CVE-2021-33909
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULMON: CVE-2021-33909 // NVD: CVE-2021-33909

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:CWE-190

Trust: 1.0

sources: NVD: CVE-2021-33909

THREAT TYPE

local

Trust: 0.3

sources: PACKETSTORM: 163596 // PACKETSTORM: 163597 // PACKETSTORM: 163598

TYPE

arbitrary

Trust: 0.3

sources: PACKETSTORM: 163596 // PACKETSTORM: 163597 // PACKETSTORM: 163598

PATCH

title:Amazon Linux AMI: ALAS-2021-1524url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2021-1524

Trust: 0.1

title:Debian Security Advisories: DSA-4941-1 linux -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=fb9b5f5cc430f484f4420a11b7b87136

Trust: 0.1

title:Amazon Linux 2: ALAS2LIVEPATCH-2021-055url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2LIVEPATCH-2021-055

Trust: 0.1

title:Amazon Linux 2: ALAS2KERNEL-5.10-2022-003url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2KERNEL-5.10-2022-003

Trust: 0.1

title:Amazon Linux 2: ALAS2-2021-1691url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2021-1691

Trust: 0.1

title:Amazon Linux 2: ALAS2LIVEPATCH-2021-057url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2LIVEPATCH-2021-057

Trust: 0.1

title:Amazon Linux 2: ALAS2LIVEPATCH-2021-056url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2LIVEPATCH-2021-056

Trust: 0.1

title:Arch Linux Advisories: [ASA-202107-48] linux: privilege escalationurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202107-48

Trust: 0.1

title:Arch Linux Advisories: [ASA-202107-50] linux-hardened: privilege escalationurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202107-50

Trust: 0.1

title:Amazon Linux 2: ALAS2KERNEL-5.4-2022-005url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2KERNEL-5.4-2022-005

Trust: 0.1

title:Amazon Linux 2: ALAS2LIVEPATCH-2021-058url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2LIVEPATCH-2021-058

Trust: 0.1

title:Amazon Linux 2: ALAS2LIVEPATCH-2021-059url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2LIVEPATCH-2021-059

Trust: 0.1

title:Arch Linux Advisories: [ASA-202107-49] linux-zen: privilege escalationurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202107-49

Trust: 0.1

title:Arch Linux Advisories: [ASA-202107-51] linux-lts: privilege escalationurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202107-51

Trust: 0.1

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2021-33909 log

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=ec6577109e640dac19a6ddb978afe82d

Trust: 0.1

title:LinuxVulnerabilitiesurl:https://github.com/gitezri/LinuxVulnerabilities

Trust: 0.1

title: - url:https://github.com/Live-Hack-CVE/CVE-2021-33909

Trust: 0.1

title:CVE-2021-33909url:https://github.com/AmIAHuman/CVE-2021-33909

Trust: 0.1

title:CVE-2021-33909url:https://github.com/Liang2580/CVE-2021-33909

Trust: 0.1

title:cve-2021-33909url:https://github.com/baerwolf/cve-2021-33909

Trust: 0.1

title:CVE-2021-33909url:https://github.com/bbinfosec43/CVE-2021-33909

Trust: 0.1

title:deep-directoryurl:https://github.com/sfowl/deep-directory

Trust: 0.1

title:integer_compilation_flagsurl:https://github.com/mdulin2/integer_compilation_flags

Trust: 0.1

title:CVE-2021-33909url:https://github.com/AlAIAL90/CVE-2021-33909

Trust: 0.1

title:CVE-2021-33909url:https://github.com/ChrisTheCoolHut/CVE-2021-33909

Trust: 0.1

title: - url:https://github.com/knewbury01/codeql-workshop-integer-conversion

Trust: 0.1

title:kickstart-rhel8url:https://github.com/alexhaydock/kickstart-rhel8

Trust: 0.1

title:exploit_articlesurl:https://github.com/ChoKyuWon/exploit_articles

Trust: 0.1

title: - url:https://github.com/hardenedvault/ved

Trust: 0.1

title:SVG-advisoriesurl:https://github.com/EGI-Federation/SVG-advisories

Trust: 0.1

title: - url:https://github.com/makoto56/penetration-suite-toolkit

Trust: 0.1

sources: VULMON: CVE-2021-33909

EXTERNAL IDS

db:NVDid:CVE-2021-33909

Trust: 2.0

db:OPENWALLid:OSS-SECURITY/2021/09/21/1

Trust: 1.0

db:OPENWALLid:OSS-SECURITY/2021/07/20/1

Trust: 1.0

db:OPENWALLid:OSS-SECURITY/2021/08/25/10

Trust: 1.0

db:OPENWALLid:OSS-SECURITY/2021/09/17/2

Trust: 1.0

db:OPENWALLid:OSS-SECURITY/2021/07/22/7

Trust: 1.0

db:OPENWALLid:OSS-SECURITY/2021/09/17/4

Trust: 1.0

db:PACKETSTORMid:164155

Trust: 1.0

db:PACKETSTORMid:163621

Trust: 1.0

db:PACKETSTORMid:163671

Trust: 1.0

db:PACKETSTORMid:165477

Trust: 1.0

db:VULMONid:CVE-2021-33909

Trust: 0.1

db:PACKETSTORMid:163580

Trust: 0.1

db:PACKETSTORMid:163583

Trust: 0.1

db:PACKETSTORMid:163589

Trust: 0.1

db:PACKETSTORMid:163594

Trust: 0.1

db:PACKETSTORMid:163596

Trust: 0.1

db:PACKETSTORMid:163597

Trust: 0.1

db:PACKETSTORMid:163598

Trust: 0.1

db:PACKETSTORMid:163602

Trust: 0.1

db:PACKETSTORMid:163619

Trust: 0.1

sources: VULMON: CVE-2021-33909 // PACKETSTORM: 163580 // PACKETSTORM: 163583 // PACKETSTORM: 163589 // PACKETSTORM: 163594 // PACKETSTORM: 163596 // PACKETSTORM: 163597 // PACKETSTORM: 163598 // PACKETSTORM: 163602 // PACKETSTORM: 163619 // NVD: CVE-2021-33909

REFERENCES

url:http://packetstormsecurity.com/files/163621/sequoia-a-deep-root-in-linuxs-filesystem-layer.html

Trust: 1.0

url:http://packetstormsecurity.com/files/163671/kernel-live-patch-security-notice-lsn-0079-1.html

Trust: 1.0

url:http://packetstormsecurity.com/files/164155/kernel-live-patch-security-notice-lsn-0081-1.html

Trust: 1.0

url:http://packetstormsecurity.com/files/165477/kernel-live-patch-security-notice-lsn-0083-1.html

Trust: 1.0

url:http://www.openwall.com/lists/oss-security/2021/07/22/7

Trust: 1.0

url:http://www.openwall.com/lists/oss-security/2021/08/25/10

Trust: 1.0

url:http://www.openwall.com/lists/oss-security/2021/09/17/2

Trust: 1.0

url:http://www.openwall.com/lists/oss-security/2021/09/17/4

Trust: 1.0

url:http://www.openwall.com/lists/oss-security/2021/09/21/1

Trust: 1.0

url:https://cdn.kernel.org/pub/linux/kernel/v5.x/changelog-5.13.4

Trust: 1.0

url:https://github.com/torvalds/linux/commit/8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b

Trust: 1.0

url:https://lists.debian.org/debian-lts-announce/2021/07/msg00014.html

Trust: 1.0

url:https://lists.debian.org/debian-lts-announce/2021/07/msg00015.html

Trust: 1.0

url:https://lists.debian.org/debian-lts-announce/2021/07/msg00016.html

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/z4uhhigiso3fvrf4cqnjs4ika25atsfu/

Trust: 1.0

url:https://psirt.global.sonicwall.com/vuln-detail/snwlid-2022-0015

Trust: 1.0

url:https://security.netapp.com/advisory/ntap-20210819-0004/

Trust: 1.0

url:https://www.debian.org/security/2021/dsa-4941

Trust: 1.0

url:https://www.openwall.com/lists/oss-security/2021/07/20/1

Trust: 1.0

url:https://www.oracle.com/security-alerts/cpujan2022.html

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2021-33909

Trust: 0.9

url:https://nvd.nist.gov/vuln/detail/cve-2021-33034

Trust: 0.7

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-33909

Trust: 0.6

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.6

url:https://access.redhat.com/security/team/key/

Trust: 0.6

url:https://access.redhat.com/security/vulnerabilities/rhsb-2021-006

Trust: 0.6

url:https://bugzilla.redhat.com/):

Trust: 0.6

url:https://access.redhat.com/security/team/contact/

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-33034

Trust: 0.6

url:https://access.redhat.com/articles/11258

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-3347

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-3347

Trust: 0.2

url:https://access.redhat.com/errata/rhsa-2021:2732

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-28374

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28374

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2730

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-35508

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25704

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2718

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-26541

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35508

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-26541

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25704

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2727

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3564

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oem-5.10/5.10.0-1038.40

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5015-1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3573

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3587

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-28691

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-hwe-5.8/5.8.0-63.71~20.04.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-23134

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1041.43

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gcp/5.8.0-1038.40

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5016-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws-5.8/5.8.0-1041.43~20.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux/5.8.0-63.71

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oracle-5.8/5.8.0-1037.38~20.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1039.42

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-raspi/5.8.0-1032.35

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3506

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oracle/5.8.0-1037.38

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure-5.8/5.8.0-1039.42~20.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-kvm/5.8.0-1033.36

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-32399

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gcp-5.8/5.8.0-1038.40~20.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gkeop/5.4.0-1021.22

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-26558

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gcp-5.4/5.4.0-1049.53~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1049.53

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oracle-5.4/5.4.0-1052.56~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-raspi/5.4.0-1041.45

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1044.46

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5017-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gke-5.4/5.4.0-1049.52~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-hwe-5.4/5.4.0-80.90~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws-5.4/5.4.0-1054.57~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure/5.4.0-1055.57

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1052.56

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gke/5.4.0-1049.52

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure-5.4/5.4.0-1055.57~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1054.57

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux/5.4.0-80.90

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gkeop-5.4/5.4.0-1021.22~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-raspi-5.4/5.4.0-1041.45~18.04.1

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2720

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2737

Trust: 0.1

url:https://access.redhat.com/articles/2974891

Trust: 0.1

sources: PACKETSTORM: 163580 // PACKETSTORM: 163583 // PACKETSTORM: 163589 // PACKETSTORM: 163594 // PACKETSTORM: 163596 // PACKETSTORM: 163597 // PACKETSTORM: 163598 // PACKETSTORM: 163602 // PACKETSTORM: 163619 // NVD: CVE-2021-33909

CREDITS

Red Hat

Trust: 0.6

sources: PACKETSTORM: 163580 // PACKETSTORM: 163583 // PACKETSTORM: 163589 // PACKETSTORM: 163594 // PACKETSTORM: 163602 // PACKETSTORM: 163619

SOURCES

db:VULMONid:CVE-2021-33909
db:PACKETSTORMid:163580
db:PACKETSTORMid:163583
db:PACKETSTORMid:163589
db:PACKETSTORMid:163594
db:PACKETSTORMid:163596
db:PACKETSTORMid:163597
db:PACKETSTORMid:163598
db:PACKETSTORMid:163602
db:PACKETSTORMid:163619
db:NVDid:CVE-2021-33909

LAST UPDATE DATE

2026-02-06T20:43:37.516000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2021-33909date:2023-11-07T00:00:00
db:NVDid:CVE-2021-33909date:2023-11-07T03:35:56.050

SOURCES RELEASE DATE

db:VULMONid:CVE-2021-33909date:2021-07-20T00:00:00
db:PACKETSTORMid:163580date:2021-07-21T16:02:21
db:PACKETSTORMid:163583date:2021-07-21T16:02:44
db:PACKETSTORMid:163589date:2021-07-21T16:03:31
db:PACKETSTORMid:163594date:2021-07-21T16:04:11
db:PACKETSTORMid:163596date:2021-07-21T16:04:22
db:PACKETSTORMid:163597date:2021-07-21T16:04:29
db:PACKETSTORMid:163598date:2021-07-21T16:04:36
db:PACKETSTORMid:163602date:2021-07-21T16:05:06
db:PACKETSTORMid:163619date:2021-07-21T16:07:24
db:NVDid:CVE-2021-33909date:2021-07-20T19:15:09.747