July 20, 2021

Sequoia: Local Privilege Escalation Vulnerability in Linux’s Filesystem Layer (CVE-2021-33909)



Comments

ibuydan

> We discovered a size_t-to-int conversion vulnerability in the Linux
> kernel’s filesystem layer: by creating, mounting, and deleting a deep
> directory structure whose total path length exceeds 1GB, an unprivileged
> local attacker can write the 10-byte string “//deleted” to an offset of
> exactly -2GB-10B below the beginning of a vmalloc()ated kernel buffer.

> We successfully exploited this uncontrolled out-of-bounds write, and
> obtained full root privileges on default installations of Ubuntu 20.04,
> Ubuntu 20.10, Ubuntu 21.04, Debian 11, and Fedora 34 Workstation; other
> Linux distributions are certainly vulnerable, and probably exploitable.
> Our exploit requires approximately 5GB of memory and 1M inodes; we will
> publish it in the near future. A basic proof of concept (a crasher) is
> attached to this advisory.

https://www.openwall.com/lists/oss-security/2021/07/20/1
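
The size_t-to-int conversion described in the quoted advisory, as an added example that is not part of the original comment, the advisory, or the kernel source. It models only the offset arithmetic with integers, assuming a buffer size of exactly 2 GiB (which reproduces the quoted -2GB-10B offset), and sets the unchecked conversion beside a range-checked form; the function names are hypothetical.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* "//deleted" is 9 characters plus the terminating NUL: the 10 bytes quoted above. */
#define SUFFIX_LEN 10

/* Hypothetical helper: models a callee that takes the buffer length as an int,
 * points at the end of the buffer (start + buflen) and steps back SUFFIX_LEN
 * bytes to prepend the suffix. Returns the write offset relative to the start.
 * Only integers are computed; no memory is touched. */
static int64_t prepend_offset_unchecked(size_t size)
{
    /* Out-of-range size_t -> int is implementation-defined; gcc and clang wrap. */
    int buflen = (int)size;
    return (int64_t)buflen - SUFFIX_LEN;
}

/* Hardened form (hypothetical): refuse sizes an int cannot represent.
 * Returns 0 and stores the offset, or -1 when the size is rejected. */
static int prepend_offset_checked(size_t size, int64_t *offset)
{
    if (size > (size_t)INT_MAX || size < (size_t)SUFFIX_LEN)
        return -1;
    *offset = (int64_t)size - SUFFIX_LEN;
    return 0;
}

int main(void)
{
    /* Constructed sample sizes: one page, and exactly 2 GiB. */
    size_t sizes[] = { 4096, (size_t)1 << 31 };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        int64_t off = 0;
        int rc = prepend_offset_checked(sizes[i], &off);
        printf("size=%zu unchecked=%lld checked=%s\n", sizes[i],
               (long long)prepend_offset_unchecked(sizes[i]),
               rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

For the 2 GiB size the unchecked path yields an offset 10 bytes below INT_MIN, while the checked path rejects the size before any pointer arithmetic happens.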
