Select your cookie preferences

We use cookies and similar tools to enhance your experience, provide our services, deliver relevant advertising, and make improvements. Approved third parties also use these tools to help us deliver advertising and provide certain site features.

CVE-2021-33909

Public on 2021-07-20
Modified on 2021-07-21
Description

An out-of-bounds write flaw was found in the Linux kernel's seq_file in the Filesystem layer. This flaw allows a local attacker with a user privilege to gain access to out-of-bound memory, leading to a system crash or a leak of internal kernel information. The issue results from not validating the size_t-to-int conversion prior to performing operations. The highest threat from this vulnerability is to data integrity, confidentiality and system availability.

Severity
Important
See what this means
CVSS v3 Base Score
7.8
See breakdown
Continue reading

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 1 kernel 2021-07-20 22:24 ALAS-2021-1524
Amazon Linux 2 - Core kernel 2021-07-20 22:24 ALAS2-2021-1691
Amazon Linux 2 - Kernel-5.10 Extra kernel 2022-01-20 23:39 ALAS2KERNEL-5.10-2022-003
Amazon Linux 2 - Kernel-5.4 Extra kernel 2022-01-12 19:30 ALAS2KERNEL-5.4-2022-005
Amazon Linux 2 - Livepatch Extra kernel-livepatch-4.14.231-173.360 2021-07-21 00:56 ALAS2LIVEPATCH-2021-058
Amazon Linux 2 - Livepatch Extra kernel-livepatch-4.14.231-173.361 2021-07-21 00:56 ALAS2LIVEPATCH-2021-057
Amazon Linux 2 - Livepatch Extra kernel-livepatch-4.14.232-176.381 2021-07-21 00:55 ALAS2LIVEPATCH-2021-056
Amazon Linux 2 - Livepatch Extra kernel-livepatch-4.14.232-177.418 2021-07-21 01:13 ALAS2LIVEPATCH-2021-059
Amazon Linux 2 - Livepatch Extra kernel-livepatch-4.14.238-182.421 2021-07-21 00:55 ALAS2LIVEPATCH-2021-055

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
NVD CVSSv2 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C
NVD CVSSv3 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H