PT-2021-1515 · Linux · Linux Kernel
Published
2021-07-19
·
Updated
2025-10-17
·
CVE-2021-33909
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions 3.16 through 5.13.x before 5.13.4
Description
The issue is an integer overflow and out-of-bounds write in the Linux kernel's filesystem layer, in fs/seq_file.c (the seq_file interface that backs /proc and similar pseudo-files). Before the fix, seq_buf_alloc() placed no upper bound on the seq buffer, so a single /proc record longer than 1GB made seq_read_iter() double the buffer to 2GB. That size_t length is then handed down through seq_dentry() to dentry_path(), whose buffer-length parameter is an int, so 0x80000000 arrives as a negative length; when the dentry has been deleted, the "//deleted" marker is written roughly 2GB below the start of the buffer instead of inside it. An unprivileged local user can trigger this by creating, mounting, and deleting a deep directory structure whose total path length exceeds 1GB and then reading /proc/self/mountinfo, and can turn the resulting kernel write into an escalation to root. Qualys security researchers (who named the bug "Sequoia") verified the vulnerability and developed an exploit, obtaining full root privileges on default installations of several Linux distributions, including Ubuntu and Debian.
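To make the size_t-to-int truncation described above concrete, here is an added example written for this page (not kernel source and not Qualys' code). It models the arithmetic of the pre-5.13.4 path, dentry_path() calling prepend() on a deleted dentry, and the 5.13.4 check in seq_buf_alloc(), using 64-bit emulation so the demo itself has no undefined behaviour and allocates nothing. The kernel function names in the comments are real; the helper functions wrap_s32(), seq_size_needed(), deleted_marker_offset() and seq_buf_alloc_allowed() are this example's own, and PAGE_SIZE is assumed to be 4096.

```c
/* Added example for CVE-2021-33909: arithmetic model of the pre-5.13.4 seq_file
 * write path and of the 5.13.4 fix.  Illustrative code written for this page,
 * not kernel source.  Kernel int arithmetic is emulated in 64 bits so the
 * demonstration has no undefined behaviour and performs no real writes. */
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE    4096UL                   /* assumption: 4K pages */
#define PAGE_MASK    (~(PAGE_SIZE - 1))
#define MAX_RW_COUNT (INT_MAX & PAGE_MASK)    /* 0x7ffff000, as in include/linux/fs.h */

/* Reduce a 64-bit value to a 32-bit int the way two's-complement truncation does,
 * without invoking signed-overflow UB in the emulation itself. */
static int32_t wrap_s32(int64_t v)
{
    uint32_t u = (uint32_t)(uint64_t)v;       /* modulo 2^32, well defined */
    return u >= 0x80000000u ? (int32_t)(u - 0x80000000u) + INT32_MIN : (int32_t)u;
}

/* seq_read_iter() starts at PAGE_SIZE and doubles m->size until the record fits
 * (seq_has_overflowed() is m->count == m->size).  Returns the buffer size the
 * kernel ends up allocating for a record of record_len bytes: a record of 1GB
 * or more forces a 2GB buffer. */
static size_t seq_size_needed(size_t record_len)
{
    size_t size = PAGE_SIZE;
    while (size <= record_len)
        size <<= 1;
    return size;
}

/* Pre-fix behaviour.  seq_dentry() obtains the buffer length as size_t and passes
 * it to dentry_path(struct dentry *, char *buf, int buflen).  For a deleted
 * dentry, dentry_path() does:
 *     p = buf + buflen;
 *     prepend(&p, &buflen, "//deleted", 10);  // buflen -= 10; if (buflen < 0) fail;
 *                                             // p -= 10; memcpy(p, str, 10);
 * Returns the offset from buf at which those 10 bytes land, or sets *rejected
 * when prepend()'s length check would have failed (-ENAMETOOLONG). */
static int64_t deleted_marker_offset(size_t seq_size, int *rejected)
{
    const int namelen = 10;                               /* sizeof("//deleted") */
    int32_t buflen = wrap_s32((int64_t)seq_size);         /* size_t -> int: 0x80000000 -> INT_MIN */
    int64_t p = buflen;                                   /* p = buf + buflen, as an offset from buf */
    int32_t remaining = wrap_s32((int64_t)buflen - namelen); /* INT_MIN - 10 wraps to a positive int */

    if (remaining < 0) {                                  /* the only bounds check on this path */
        *rejected = 1;
        return 0;
    }
    *rejected = 0;
    return p - namelen;                                   /* where memcpy() writes "//deleted" */
}

/* Post-fix behaviour (5.13.4, upstream commit 8cae8cd89f05): seq_buf_alloc()
 * returns NULL for any request above MAX_RW_COUNT, so the 2GB buffer is never
 * allocated and the size_t -> int truncation can no longer yield a negative length. */
static int seq_buf_alloc_allowed(size_t size)
{
    return size <= MAX_RW_COUNT;
}

int main(void)
{
    size_t sizes[] = { 8, PAGE_SIZE, seq_size_needed((size_t)1 << 30) };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        int rejected;
        int64_t off = deleted_marker_offset(sizes[i], &rejected);
        const char *where = rejected ? "rejected by prepend()"
                          : (off < 0 || off + 10 > (int64_t)sizes[i]) ? "OUT OF BOUNDS"
                          : "in bounds";
        printf("seq buffer %zu bytes: allocation %s; \"//deleted\" %s",
               sizes[i], seq_buf_alloc_allowed(sizes[i]) ? "allowed" : "refused by fix", where);
        if (!rejected)
            printf(" at offset %lld", (long long)off);
        printf("\n");
    }
    return 0;
}
```

Run stand-alone, the last line shows the 2GB buffer case: the pre-fix arithmetic places the marker at offset -2147483658 (2GB and 10 bytes below the buffer, matching Qualys' description) while the fixed seq_buf_alloc() refuses the allocation outright. Note that prepend()'s `buflen < 0` check does catch honest short buffers (the 8-byte case) but not the truncated negative length, because the subtraction itself wraps back to a positive value.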
Recommendations
For Linux kernel versions 3.16 through 5.13.x before 5.13.4, update to version 5.13.4 or later, which carries upstream commit 8cae8cd89f05 (seq_buf_alloc() refuses allocations larger than MAX_RW_COUNT). Distribution kernels ship this fix as a backport under their own version numbers, so check the vendor advisory rather than the upstream version string alone. Restricting access to fs/seq_file.c is not a workaround: it is a kernel source file, and the deep directory structure is created by the attacker, so advising users to avoid deep paths does not reduce the risk. Where the kernel cannot be updated immediately, the mitigations published by Qualys are to set /proc/sys/kernel/unprivileged_userns_clone to 0 (on kernels that provide this knob, such as Debian and Ubuntu), which stops unprivileged users from mounting the long path in a user namespace, and to set /proc/sys/kernel/unprivileged_bpf_disabled to 1, which blocks the eBPF-based exploitation path. These hinder the known exploit but do not fix the underlying overflow; the kernel update is the only complete remediation.
Exploit
Fix
Integer Overflow
Memory Corruption
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Rocky Linux
Suse
Ubuntu