Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

CVE-2021-33909

CVE information

Published

2 years ago

Last Modified

4 months ago

CVSSv2.0 Severity

High

CVSSv3.1 Severity

High

Impact Analysis

Description

fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05..

CVSSv2.0 Score

Severity
High
Base Score
7.2/10
Exploit Score
3.9/10
Access Vector
Local
Access Complexity
Low
Authentication Required
None
Impact Score
10/10
Confidentiality Impact
Complete
Availability Impact
Complete
Integrity Impact
Complete

CVSSv3.1 Score

Severity
High
Base Score
7.8/10
Exploit Score
1.8/10
Access Vector
Local
Access Complexity
Low
Privileges Required
Low
Impact Score
5.9/10
Confidentiality Impact
High
Availability Impact
High
Integrity Impact
High
Scope
Unchanged
User Interaction
None

Products Affected

CPE Affected Vulnerable Excluding Edit
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  Yes
5.5 5.10.52
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  Yes
5.11 5.12.19
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  Yes
5.13 5.13.4
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  Yes
3.12.43 3.13
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  Yes
3.16 4.4.276
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  Yes
4.5 4.9.276
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  Yes
4.10 4.14.240
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  Yes
4.15 4.19.198
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  Yes
4.20 5.4.134
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:communications_session_border_controller:8.
  Yes
- -
cpe:2.3:a:oracle:communications_session_border_controller:8.
  Yes
- -
cpe:2.3:a:oracle:communications_session_border_controller:9.
  Yes
- -
cpe:2.3:a:oracle:communications_session_border_controller:8.
  Yes
- -