CVE-2021-33909

Public on 2021-07-20
Modified on 2021-07-21
Description
An out-of-bounds write flaw was found in the Linux kernel's seq_file in the Filesystem layer. This flaw allows a local attacker with a user privilege to gain access to out-of-bound memory, leading to a system crash or a leak of internal kernel information. The issue results from not validating the size_t-to-int conversion prior to performing operations. The highest threat from this vulnerability is to data integrity, confidentiality and system availability.
Severity
Important
CVSS v3 Base Score
7.0
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 2 kernel 2021-07-20 22:24 ALAS2-2021-1691
Amazon Linux 1 kernel 2021-07-20 22:24 ALAS-2021-1524

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
NVD CVSSv2 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C
NVD CVSSv3 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H