Details of VAR-202107-1361

ID

VAR-202107-1361

CVE

CVE-2021-33909

TITLE

Linux Kernel Classic buffer overflow vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-012742

DESCRIPTION

fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. Linux Kernel Exists in a classic buffer overflow vulnerability. Vendor exploits this vulnerability CID-8cae8cd89f05 It is published as.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Ansible is a SSH-based configuration management, deployment, and task execution system. The openshift-ansible packages contain Ansible code and playbooks for installing and upgrading OpenShift Container Platform 3. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit. Bug Fix(es): * kernel-rt: update RT source tree to the RHEL-8.3.z source tree (BZ#1957359) * Placeholder bug for OCP 4.7.0 rpm release (BZ#1983534) 4. Linux kernel vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM Summary Several security issues were fixed in the kernel. This affects kernel/bpf/core.c and net/core/filter.c. (CVE-2018-25020) Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host’s physical memory. (CVE-2021-3653) Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages. (CVE-2021-4002) Andy Nguyen discovered that the netfilter subsystem in the Linux kernel contained an out-of-bounds write in its setsockopt() implementation. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-22555) It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-33909) Update instructions The problem can be corrected by updating your kernel livepatch to the following versions: Ubuntu 20.04 LTS aws - 83.1 azure - 83.1 gcp - 83.1 generic - 83.1 gke - 83.1 gkeop - 83.1 lowlatency - 83.1 Ubuntu 18.04 LTS aws - 83.1 generic - 83.1 gke - 83.1 gke - 83.2 gkeop - 83.1 gkeop - 83.2 lowlatency - 83.1 oem - 83.1 Ubuntu 16.04 ESM aws - 83.1 azure - 83.1 generic - 83.1 lowlatency - 83.1 Support Information Kernels older than the levels listed below do not receive livepatch updates. If you are running a kernel version earlier than the one listed below, please upgrade your kernel as soon as possible. Ubuntu 20.04 LTS linux-aws - 5.4.0-1009 linux-azure - 5.4.0-1010 linux-gcp - 5.4.0-1009 linux-gke - 5.4.0-1033 linux-gkeop - 5.4.0-1009 linux-oem - 5.4.0-26 linux - 5.4.0-26 Ubuntu 18.04 LTS linux-aws - 4.15.0-1054 linux-azure-4.15 - 4.15.0-1115 linux-gke-4.15 - 4.15.0-1076 linux-gke-5.4 - 5.4.0-1009 linux-gkeop-5.4 - 5.4.0-1007 linux-hwe-5.4 - 5.4.0-26 linux-oem - 4.15.0-1063 linux - 4.15.0-69 Ubuntu 16.04 ESM linux-aws - 4.4.0-1098 linux-azure - 4.15.0-1063 linux-hwe - 4.15.0-143 linux - 4.4.0-168 Ubuntu 14.04 ESM linux-lts-xenial - 4.4.0-168 References - CVE-2018-25020 - CVE-2021-3653 - CVE-2021-4002 - CVE-2021-22555 - CVE-2021-33909 -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce . 8) - x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2021:2730-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:2730 Issue date: 2021-07-20 CVE Names: CVE-2021-3347 CVE-2021-33034 CVE-2021-33909 ==================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support, Red Hat Enterprise Linux 7.6 Telco Extended Update Support, and Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 7.6) - noarch, x86_64 Red Hat Enterprise Linux Server E4S (v. 7.6) - noarch, ppc64le, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.6) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.6) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.6) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.6) - noarch, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: size_t-to-int conversion vulnerability in the filesystem layer (CVE-2021-33909) * kernel: Use after free via PI futex state (CVE-2021-3347) * kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan (CVE-2021-33034) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * [CKI kernel builds]: x86 binaries in non-x86 kernel rpms breaks systemtap [7.9.z] (BZ#1975159) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1922249 - CVE-2021-3347 kernel: Use after free via PI futex state 1961305 - CVE-2021-33034 kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan 1970273 - CVE-2021-33909 kernel: size_t-to-int conversion vulnerability in the filesystem layer 6. Package List: Red Hat Enterprise Linux Server AUS (v. 7.6): Source: kernel-3.10.0-957.78.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-957.78.2.el7.noarch.rpm kernel-doc-3.10.0-957.78.2.el7.noarch.rpm x86_64: bpftool-3.10.0-957.78.2.el7.x86_64.rpm kernel-3.10.0-957.78.2.el7.x86_64.rpm kernel-debug-3.10.0-957.78.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-957.78.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.78.2.el7.x86_64.rpm kernel-devel-3.10.0-957.78.2.el7.x86_64.rpm kernel-headers-3.10.0-957.78.2.el7.x86_64.rpm kernel-tools-3.10.0-957.78.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-957.78.2.el7.x86_64.rpm perf-3.10.0-957.78.2.el7.x86_64.rpm perf-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm python-perf-3.10.0-957.78.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm Red Hat Enterprise Linux Server E4S (v. 7.6): Source: kernel-3.10.0-957.78.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-957.78.2.el7.noarch.rpm kernel-doc-3.10.0-957.78.2.el7.noarch.rpm ppc64le: kernel-3.10.0-957.78.2.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-957.78.2.el7.ppc64le.rpm kernel-debug-3.10.0-957.78.2.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-957.78.2.el7.ppc64le.rpm kernel-debuginfo-3.10.0-957.78.2.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-957.78.2.el7.ppc64le.rpm kernel-devel-3.10.0-957.78.2.el7.ppc64le.rpm kernel-headers-3.10.0-957.78.2.el7.ppc64le.rpm kernel-tools-3.10.0-957.78.2.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-957.78.2.el7.ppc64le.rpm kernel-tools-libs-3.10.0-957.78.2.el7.ppc64le.rpm perf-3.10.0-957.78.2.el7.ppc64le.rpm perf-debuginfo-3.10.0-957.78.2.el7.ppc64le.rpm python-perf-3.10.0-957.78.2.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-957.78.2.el7.ppc64le.rpm x86_64: kernel-3.10.0-957.78.2.el7.x86_64.rpm kernel-debug-3.10.0-957.78.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-957.78.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.78.2.el7.x86_64.rpm kernel-devel-3.10.0-957.78.2.el7.x86_64.rpm kernel-headers-3.10.0-957.78.2.el7.x86_64.rpm kernel-tools-3.10.0-957.78.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-957.78.2.el7.x86_64.rpm perf-3.10.0-957.78.2.el7.x86_64.rpm perf-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm python-perf-3.10.0-957.78.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 7.6): Source: kernel-3.10.0-957.78.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-957.78.2.el7.noarch.rpm kernel-doc-3.10.0-957.78.2.el7.noarch.rpm x86_64: bpftool-3.10.0-957.78.2.el7.x86_64.rpm kernel-3.10.0-957.78.2.el7.x86_64.rpm kernel-debug-3.10.0-957.78.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-957.78.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.78.2.el7.x86_64.rpm kernel-devel-3.10.0-957.78.2.el7.x86_64.rpm kernel-headers-3.10.0-957.78.2.el7.x86_64.rpm kernel-tools-3.10.0-957.78.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-957.78.2.el7.x86_64.rpm perf-3.10.0-957.78.2.el7.x86_64.rpm perf-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm python-perf-3.10.0-957.78.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 7.6): x86_64: kernel-debug-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.78.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-957.78.2.el7.x86_64.rpm perf-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional E4S (v. 7.6): ppc64le: kernel-debug-debuginfo-3.10.0-957.78.2.el7.ppc64le.rpm kernel-debug-devel-3.10.0-957.78.2.el7.ppc64le.rpm kernel-debuginfo-3.10.0-957.78.2.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-957.78.2.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-957.78.2.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-957.78.2.el7.ppc64le.rpm perf-debuginfo-3.10.0-957.78.2.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-957.78.2.el7.ppc64le.rpm x86_64: kernel-debug-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.78.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-957.78.2.el7.x86_64.rpm perf-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional TUS (v. 7.6): x86_64: kernel-debug-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.78.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-957.78.2.el7.x86_64.rpm perf-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.78.2.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-3347 https://access.redhat.com/security/cve/CVE-2021-33034 https://access.redhat.com/security/cve/CVE-2021-33909 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/RHSB-2021-006 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYPc/p9zjgjWX9erEAQiGYQ/6Apfv6Vn+s1cJsOrv5bpIB+TZWR8Dw4w6 7q5tqmrA0W38qvq7EWqVwAZMtmF2YXIcuP8i8zELAPG/Y1oMax3Piy5nxc4OR55i 8H9pc0lGZn9UJtryWMPaJRqvWGF1WhE/vGPUkHhI3CmoSVDN3B3OqfC04oeVa/Gt f9wikugrLvXoD+YsJk1LAn0tJ+xGrcbMRvwxvvtvwRsje2cGPU6OAEWQr1ZKyNZc Fwi6jLUve8d3wxE6+C6IocTYMcZcw2e2U4KOwE/ONXjjNgbwV+deQU16HJk4BjcA rDqtVUWzNGXzONh6Ua4yEisVe8LdhPNoZaciNx56lKpOs8Vbv58w29edfR1zf0fW c1gH+0S19jDSwsESNSKJth5A/GY0zxsUeh5qDjoFUF1AH6IuZNmPb3VGcl5klKuo outLUo2jeIRiBiZaNSVe32nbWCEkAoFF5WrvfHYmi+i9U45gLvUG2N58ZtOQiQkb potW9xF7f15Mm1Xm9TOIaNy+ykh7TJRxKnQSaAk/jnzTLp3XeVNmPTztx7zA4Z50 bgM/MQWB9j7NMjwEopdbS4lxJsvaXerwXPT+1WDAzBZ5clOKyB5hTxTTBOrsErzs O+wKRVu9eU4FMR6ULeL+pLCZPm0eVlu9jBuySEUI05/FkAVu/YUDrgXvMiy6XknI ziN+XVubHjk=1ifB -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8) - ppc64le, x86_64 3. Description: This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. These packages include redhat-release-virtualization-host. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks

Trust: 2.43

sources: NVD: CVE-2021-33909 // JVNDB: JVNDB-2021-012742 // VULMON: CVE-2021-33909 // PACKETSTORM: 163682 // PACKETSTORM: 165477 // PACKETSTORM: 163579 // PACKETSTORM: 163583 // PACKETSTORM: 163603 // PACKETSTORM: 163607 // PACKETSTORM: 163619 // PACKETSTORM: 164155

AFFECTED PRODUCTS

vendor:	linux	model:	kernel	scope:	gte	version:	4.20	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	5.5	Trust: 1.0
vendor:	oracle	model:	communications session border controller	scope:	eq	version:	9.0	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	4.5	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	34	Trust: 1.0
vendor:	netapp	model:	solidfire	scope:	eq	version:	-	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	3.16	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	4.10	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	oracle	model:	communications session border controller	scope:	eq	version:	8.4	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	3.12.43	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	4.9.276	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	4.14.240	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	5.4.134	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	5.11	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	5.13	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	5.12.19	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	5.13.4	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	4.4.276	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	4.15	Trust: 1.0
vendor:	netapp	model:	hci management node	scope:	eq	version:	-	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	3.13	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	5.10.52	Trust: 1.0
vendor:	oracle	model:	communications session border controller	scope:	eq	version:	8.3	Trust: 1.0
vendor:	oracle	model:	communications session border controller	scope:	eq	version:	8.2	Trust: 1.0
vendor:	sonicwall	model:	sma1000	scope:	lte	version:	12.4.2-02044	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	4.19.198	Trust: 1.0
vendor:	日立	model:	rv3000	scope:	-	version:	-	Trust: 0.8
vendor:	linux	model:	kernel	scope:	-	version:	-	Trust: 0.8
vendor:	netapp	model:	hci management node	scope:	-	version:	-	Trust: 0.8
vendor:	fedora	model:	fedora	scope:	-	version:	-	Trust: 0.8
vendor:	netapp	model:	solidfire	scope:	-	version:	-	Trust: 0.8
vendor:	オラクル	model:	oracle communications session border controller	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	ha8000v シリーズ	scope:	-	version:	-	Trust: 0.8
vendor:	debian	model:	gnu/linux	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-012742 // NVD: CVE-2021-33909

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-33909
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-33909
value:	HIGH
Trust: 0.8
VULMON:	CVE-2021-33909
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-33909
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2021-33909
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-33909
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2021-33909 // JVNDB: JVNDB-2021-012742 // NVD: CVE-2021-33909

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	CWE-190	Trust: 1.0
problemtype:	Classic buffer overflow (CWE-120) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-012742 // NVD: CVE-2021-33909

TYPE

overflow

Trust: 0.1

sources: PACKETSTORM: 165477

PATCH

title:	Oracle Critical Patch Update Advisory - January 2022 Hitachi Server / Client Product Security Information	url:	https://lists.debian.org/debian-lts-announce/2021/07/msg00014.html	Trust: 0.8
title:	Amazon Linux AMI: ALAS-2021-1524	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2021-1524	Trust: 0.1
title:	Debian Security Advisories: DSA-4941-1 linux -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=fb9b5f5cc430f484f4420a11b7b87136	Trust: 0.1
title:	Amazon Linux 2: ALAS2LIVEPATCH-2021-055	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2LIVEPATCH-2021-055	Trust: 0.1
title:	Amazon Linux 2: ALAS2KERNEL-5.10-2022-003	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2KERNEL-5.10-2022-003	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2021-1691	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2021-1691	Trust: 0.1
title:	Amazon Linux 2: ALAS2LIVEPATCH-2021-057	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2LIVEPATCH-2021-057	Trust: 0.1
title:	Amazon Linux 2: ALAS2LIVEPATCH-2021-056	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2LIVEPATCH-2021-056	Trust: 0.1
title:	Arch Linux Advisories: [ASA-202107-48] linux: privilege escalation	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202107-48	Trust: 0.1
title:	Arch Linux Advisories: [ASA-202107-50] linux-hardened: privilege escalation	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202107-50	Trust: 0.1
title:	Amazon Linux 2: ALAS2KERNEL-5.4-2022-005	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2KERNEL-5.4-2022-005	Trust: 0.1
title:	Amazon Linux 2: ALAS2LIVEPATCH-2021-058	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2LIVEPATCH-2021-058	Trust: 0.1
title:	Amazon Linux 2: ALAS2LIVEPATCH-2021-059	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2LIVEPATCH-2021-059	Trust: 0.1
title:	Arch Linux Advisories: [ASA-202107-49] linux-zen: privilege escalation	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202107-49	Trust: 0.1
title:	Arch Linux Advisories: [ASA-202107-51] linux-lts: privilege escalation	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202107-51	Trust: 0.1
title:	Arch Linux Issues:	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2021-33909 log	Trust: 0.1
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=ec6577109e640dac19a6ddb978afe82d	Trust: 0.1
title:	LinuxVulnerabilities	url:	https://github.com/gitezri/LinuxVulnerabilities	Trust: 0.1
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2021-33909	Trust: 0.1
title:	CVE-2021-33909	url:	https://github.com/AmIAHuman/CVE-2021-33909	Trust: 0.1
title:	CVE-2021-33909	url:	https://github.com/Liang2580/CVE-2021-33909	Trust: 0.1
title:	cve-2021-33909	url:	https://github.com/baerwolf/cve-2021-33909	Trust: 0.1
title:	CVE-2021-33909	url:	https://github.com/bbinfosec43/CVE-2021-33909	Trust: 0.1
title:	deep-directory	url:	https://github.com/sfowl/deep-directory	Trust: 0.1
title:	integer_compilation_flags	url:	https://github.com/mdulin2/integer_compilation_flags	Trust: 0.1
title:	CVE-2021-33909	url:	https://github.com/AlAIAL90/CVE-2021-33909	Trust: 0.1
title:	CVE-2021-33909	url:	https://github.com/ChrisTheCoolHut/CVE-2021-33909	Trust: 0.1
title:	-	url:	https://github.com/knewbury01/codeql-workshop-integer-conversion	Trust: 0.1
title:	kickstart-rhel8	url:	https://github.com/alexhaydock/kickstart-rhel8	Trust: 0.1
title:	exploit_articles	url:	https://github.com/ChoKyuWon/exploit_articles	Trust: 0.1
title:	-	url:	https://github.com/hardenedvault/ved	Trust: 0.1
title:	SVG-advisories	url:	https://github.com/EGI-Federation/SVG-advisories	Trust: 0.1
title:	-	url:	https://github.com/makoto56/penetration-suite-toolkit	Trust: 0.1

sources: VULMON: CVE-2021-33909 // JVNDB: JVNDB-2021-012742

EXTERNAL IDS

db:	NVD	id:	CVE-2021-33909	Trust: 3.5
db:	PACKETSTORM	id:	163621	Trust: 1.8
db:	PACKETSTORM	id:	165477	Trust: 1.1
db:	PACKETSTORM	id:	164155	Trust: 1.1
db:	OPENWALL	id:	OSS-SECURITY/2021/09/21/1	Trust: 1.0
db:	OPENWALL	id:	OSS-SECURITY/2021/07/20/1	Trust: 1.0
db:	OPENWALL	id:	OSS-SECURITY/2021/08/25/10	Trust: 1.0
db:	OPENWALL	id:	OSS-SECURITY/2021/09/17/2	Trust: 1.0
db:	OPENWALL	id:	OSS-SECURITY/2021/07/22/7	Trust: 1.0
db:	OPENWALL	id:	OSS-SECURITY/2021/09/17/4	Trust: 1.0
db:	PACKETSTORM	id:	163671	Trust: 1.0
db:	ICS CERT	id:	ICSA-24-074-07	Trust: 0.8
db:	JVN	id:	JVNVU93656033	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-012742	Trust: 0.8
db:	VULMON	id:	CVE-2021-33909	Trust: 0.1
db:	PACKETSTORM	id:	163682	Trust: 0.1
db:	PACKETSTORM	id:	163579	Trust: 0.1
db:	PACKETSTORM	id:	163583	Trust: 0.1
db:	PACKETSTORM	id:	163603	Trust: 0.1
db:	PACKETSTORM	id:	163607	Trust: 0.1
db:	PACKETSTORM	id:	163619	Trust: 0.1

sources: VULMON: CVE-2021-33909 // JVNDB: JVNDB-2021-012742 // PACKETSTORM: 163682 // PACKETSTORM: 165477 // PACKETSTORM: 163579 // PACKETSTORM: 163583 // PACKETSTORM: 163603 // PACKETSTORM: 163607 // PACKETSTORM: 163619 // PACKETSTORM: 164155 // NVD: CVE-2021-33909

REFERENCES

url:	http://packetstormsecurity.com/files/163621/sequoia-a-deep-root-in-linuxs-filesystem-layer.html	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33909	Trust: 1.6
url:	http://packetstormsecurity.com/files/163671/kernel-live-patch-security-notice-lsn-0079-1.html	Trust: 1.0
url:	http://packetstormsecurity.com/files/164155/kernel-live-patch-security-notice-lsn-0081-1.html	Trust: 1.0
url:	http://packetstormsecurity.com/files/165477/kernel-live-patch-security-notice-lsn-0083-1.html	Trust: 1.0
url:	http://www.openwall.com/lists/oss-security/2021/07/22/7	Trust: 1.0
url:	http://www.openwall.com/lists/oss-security/2021/08/25/10	Trust: 1.0
url:	http://www.openwall.com/lists/oss-security/2021/09/17/2	Trust: 1.0
url:	http://www.openwall.com/lists/oss-security/2021/09/17/4	Trust: 1.0
url:	http://www.openwall.com/lists/oss-security/2021/09/21/1	Trust: 1.0
url:	https://cdn.kernel.org/pub/linux/kernel/v5.x/changelog-5.13.4	Trust: 1.0
url:	https://github.com/torvalds/linux/commit/8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b	Trust: 1.0
url:	https://lists.debian.org/debian-lts-announce/2021/07/msg00014.html	Trust: 1.0
url:	https://lists.debian.org/debian-lts-announce/2021/07/msg00015.html	Trust: 1.0
url:	https://lists.debian.org/debian-lts-announce/2021/07/msg00016.html	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/z4uhhigiso3fvrf4cqnjs4ika25atsfu/	Trust: 1.0
url:	https://psirt.global.sonicwall.com/vuln-detail/snwlid-2022-0015	Trust: 1.0
url:	https://security.netapp.com/advisory/ntap-20210819-0004/	Trust: 1.0
url:	https://www.debian.org/security/2021/dsa-4941	Trust: 1.0
url:	https://www.openwall.com/lists/oss-security/2021/07/20/1	Trust: 1.0
url:	https://www.oracle.com/security-alerts/cpujan2022.html	Trust: 1.0
url:	https://jvn.jp/vu/jvnvu93656033/index.html	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-07	Trust: 0.8
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2021-33909	Trust: 0.6
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.6
url:	https://access.redhat.com/security/team/key/	Trust: 0.6
url:	https://access.redhat.com/security/vulnerabilities/rhsb-2021-006	Trust: 0.6
url:	https://bugzilla.redhat.com/):	Trust: 0.6
url:	https://access.redhat.com/security/team/contact/	Trust: 0.6
url:	https://access.redhat.com/articles/11258	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33034	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-33034	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22555	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3653	Trust: 0.2
url:	https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-32399	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-32399	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-33910	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33910	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:2763	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.7/updating/updating-cluster	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-4002	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-25020	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:2715	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:2730	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3347	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3347	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:2716	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:2726	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-20934	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-33033	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11668	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20934	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-11668	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33033	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:2737	Trust: 0.1
url:	https://access.redhat.com/articles/2974891	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3656	Trust: 0.1

sources: JVNDB: JVNDB-2021-012742 // PACKETSTORM: 163682 // PACKETSTORM: 165477 // PACKETSTORM: 163579 // PACKETSTORM: 163583 // PACKETSTORM: 163603 // PACKETSTORM: 163607 // PACKETSTORM: 163619 // PACKETSTORM: 164155 // NVD: CVE-2021-33909

CREDITS

Red Hat

Trust: 0.6

sources: PACKETSTORM: 163682 // PACKETSTORM: 163579 // PACKETSTORM: 163583 // PACKETSTORM: 163603 // PACKETSTORM: 163607 // PACKETSTORM: 163619

SOURCES

db:	VULMON	id:	CVE-2021-33909
db:	JVNDB	id:	JVNDB-2021-012742
db:	PACKETSTORM	id:	163682
db:	PACKETSTORM	id:	165477
db:	PACKETSTORM	id:	163579
db:	PACKETSTORM	id:	163583
db:	PACKETSTORM	id:	163603
db:	PACKETSTORM	id:	163607
db:	PACKETSTORM	id:	163619
db:	PACKETSTORM	id:	164155
db:	NVD	id:	CVE-2021-33909

LAST UPDATE DATE

2025-04-28T22:19:30.370000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-33909	date:	2023-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2021-012742	date:	2024-03-22T08:47:00
db:	NVD	id:	CVE-2021-33909	date:	2023-11-07T03:35:56.050

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-33909	date:	2021-07-20T00:00:00
db:	JVNDB	id:	JVNDB-2021-012742	date:	2022-09-08T00:00:00
db:	PACKETSTORM	id:	163682	date:	2021-07-27T14:47:55
db:	PACKETSTORM	id:	165477	date:	2022-01-06T18:14:08
db:	PACKETSTORM	id:	163579	date:	2021-07-21T16:02:11
db:	PACKETSTORM	id:	163583	date:	2021-07-21T16:02:44
db:	PACKETSTORM	id:	163603	date:	2021-07-21T16:05:14
db:	PACKETSTORM	id:	163607	date:	2021-07-21T16:05:44
db:	PACKETSTORM	id:	163619	date:	2021-07-21T16:07:24
db:	PACKETSTORM	id:	164155	date:	2021-09-14T16:28:49
db:	NVD	id:	CVE-2021-33909	date:	2021-07-20T19:15:09.747