CVE-2021-33909

Public on 2021-07-20
Modified on 2021-07-21
Description
An out-of-bounds write flaw was found in the Linux kernel's seq_file in the Filesystem layer. This flaw allows a local attacker with a user privilege to gain access to out-of-bound memory, leading to a system crash or a leak of internal kernel information. The issue results from not validating the size_t-to-int conversion prior to performing operations. The highest threat from this vulnerability is to data integrity, confidentiality and system availability.
Severity
Important severity
Important
See what this means
CVSS v3 Base Score
7.8
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 1 kernel 2021-07-21 ALAS-2021-1524 Fixed
Amazon Linux 2 - Core kernel 2021-07-21 ALAS2-2021-1691 Fixed
Amazon Linux 2 - Kernel-5.10 Extra kernel 2022-01-28 ALAS2KERNEL-5.10-2022-003 Fixed
Amazon Linux 2 - Kernel-5.4 Extra kernel 2022-01-28 ALAS2KERNEL-5.4-2022-005 Fixed
Amazon Linux 2 - Livepatch Extra kernel-livepatch-4.14.231-173.360 2021-07-21 ALAS2LIVEPATCH-2021-058 Fixed
Amazon Linux 2 - Livepatch Extra kernel-livepatch-4.14.231-173.361 2021-07-21 ALAS2LIVEPATCH-2021-057 Fixed
Amazon Linux 2 - Livepatch Extra kernel-livepatch-4.14.232-176.381 2021-07-21 ALAS2LIVEPATCH-2021-056 Fixed
Amazon Linux 2 - Livepatch Extra kernel-livepatch-4.14.232-177.418 2021-07-21 ALAS2LIVEPATCH-2021-059 Fixed
Amazon Linux 2 - Livepatch Extra kernel-livepatch-4.14.238-182.421 2021-07-21 ALAS2LIVEPATCH-2021-055 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
NVD CVSSv2 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C
NVD CVSSv3 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

FAQs regarding Amazon Linux ALAS/CVE Severity Red Hat: CVE-2021-33909 Mitre: CVE-2021-33909