Bug 1970273 (CVE-2021-33909)
| Summary: | CVE-2021-33909 kernel: size_t-to-int conversion vulnerability in the filesystem layer | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Rohit Keshri <rkeshri> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | acaringi, adscvr, agk, airlied, alciregi, aromito, asavkov, aviro, bhu, blc, bmasney, brdeoliv, bskeggs, chwhite, crwood, ctoe, dblechte, dfediuck, dhoward, dhowells, dvlasenk, dwalsh, eedri, esandeen, fcanogab, fhrbata, fpacheco, germano.massullo, gpei, hdegoede, hkrzesin, ikent, jarod, jarodwilson, jeremy, jforbes, jglisse, jhou, jlelli, joe.lawrence, jonathan, josef, jpoimboe, jshortt, jstancek, jthierry, jwboyer, kcarcia, kernel-maint, kernel-mgr, kpatch-maint, lgoncalv, linville, masami256, mchehab, mgoldboi, michal.skrivanek, mjobanek, mlangsdo, mpatel, mszeredi, mvanderw, nmurray, nobody, pmatouse, proguski, ptalbert, qzhao, rhandlin, rphillips, rvrbovsk, sbonazzo, security-response-team, sherold, steved, sttts, swhiteho, walters, wcosta, williams, wmealing, wsun, xzhou, ycote, yturgema |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | kernel 5.14 rc3 | Doc Type: | If docs needed, set a value |
| Doc Text: |
An out-of-bounds write flaw was found in the Linux kernel's seq_file in the Filesystem layer. This flaw allows a local attacker with a user privilege to gain access to out-of-bound memory, leading to a system crash, leak of internal kernel information and can escalate privileges. The issue results from not validating the size_t-to-int conversion prior to performing operations. The highest threat from this vulnerability is to data integrity, confidentiality and system availability.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-07-20 21:54:40 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1976738, 1970317, 1970318, 1970788, 1974125, 1974126, 1975179, 1975180, 1975181, 1975182, 1975184, 1975185, 1975186, 1975187, 1975188, 1975189, 1975190, 1975246, 1975247, 1975248, 1975249, 1975250, 1975251, 1975252, 1975253, 1975254, 1975255, 1975256, 1975617, 1975777, 1975778, 1976739, 1976740, 1976741, 1977570, 1977574, 1984019 | ||
| Bug Blocks: | 1969705 | ||
|
Description
Rohit Keshri
2021-06-10 08:17:13 UTC
*shrug* Just don't let the damn thing ask for vmalloc'ed buffer that large. IOW, add to seq_buf_alloc() if (unlikely(size > MAX_RW_COUNT)) return NULL; and be done with that. Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1984019] This issue has been addressed in the following products: Red Hat Enterprise Linux 7.2 Advanced Update Support Via RHSA-2021:2734 https://access.redhat.com/errata/RHSA-2021:2734 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.3 Advanced Update Support Via RHSA-2021:2733 https://access.redhat.com/errata/RHSA-2021:2733 This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Extended Lifecycle Support Via RHSA-2021:2735 https://access.redhat.com/errata/RHSA-2021:2735 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:2715 https://access.redhat.com/errata/RHSA-2021:2715 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Advanced Update Support Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions Red Hat Enterprise Linux 7.4 Telco Extended Update Support Via RHSA-2021:2732 https://access.redhat.com/errata/RHSA-2021:2732 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2021:2722 https://access.redhat.com/errata/RHSA-2021:2722 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Advanced Update Support Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions Red Hat Enterprise Linux 7.6 Telco Extended Update Support Via RHSA-2021:2730 https://access.redhat.com/errata/RHSA-2021:2730 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:2719 https://access.redhat.com/errata/RHSA-2021:2719 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-33909 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:2718 https://access.redhat.com/errata/RHSA-2021:2718 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2021:2723 https://access.redhat.com/errata/RHSA-2021:2723 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:2714 https://access.redhat.com/errata/RHSA-2021:2714 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:2727 https://access.redhat.com/errata/RHSA-2021:2727 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions Via RHSA-2021:2731 https://access.redhat.com/errata/RHSA-2021:2731 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:2720 https://access.redhat.com/errata/RHSA-2021:2720 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:2716 https://access.redhat.com/errata/RHSA-2021:2716 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Extended Update Support Via RHSA-2021:2729 https://access.redhat.com/errata/RHSA-2021:2729 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:2725 https://access.redhat.com/errata/RHSA-2021:2725 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:2726 https://access.redhat.com/errata/RHSA-2021:2726 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Extended Update Support Via RHSA-2021:2728 https://access.redhat.com/errata/RHSA-2021:2728 This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 Via RHSA-2021:2737 https://access.redhat.com/errata/RHSA-2021:2737 This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Via RHSA-2021:2736 https://access.redhat.com/errata/RHSA-2021:2736 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.7 Via RHSA-2021:2763 https://access.redhat.com/errata/RHSA-2021:2763 |