| Summary: | kernel: size_t-to-int conversion vulnerability in the filesystem layer (CVE-2021-33909) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Thomas Deutschmann (RETIRED) <whissi> |
| Component: | Kernel | Assignee: | Gentoo Kernel Security <security-kernel> |
| Status: | RESOLVED FIXED | | |
| Severity: | critical | CC: | gentoo |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://www.qualys.com/2021/07/20/cve-2021-33909/sequoia-local-privilege-escalation-linux.txt | | |
| Whiteboard: | A1 | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 803092, 803095 | | |
| Bug Blocks: | | | |

Description
Thomas Deutschmann (RETIRED)
2021-07-21 12:15:50 UTC
Upstream patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b

Included in:

>=linux-5.13.4
>=linux-5.10.52
>=linux-5.4.134
>=linux-4.19.198
>=linux-4.14.240
>=linux-4.9.276
>=linux-4.4.276

These kernels were stabilized before this bug was opened.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6b9a1ff8f90810a533a7c11c6c145e61f69d1974

commit 6b9a1ff8f90810a533a7c11c6c145e61f69d1974
Author:     Michał Górny <mgorny@gentoo.org>
AuthorDate: 2021-07-23 21:40:33 +0000
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: 2021-07-23 21:42:10 +0000

    package.mask: Last rite sys-kernel/bliss-kernel-bin

    Bug: https://bugs.gentoo.org/803212
    Signed-off-by: Michał Górny <mgorny@gentoo.org>

 profiles/package.mask | 6 ++++++
 1 file changed, 6 insertions(+)

Package list is empty or all packages have requested keywords.

(In reply to John Helmert III from comment #2)
> These kernels were stabilized before this bug was opened.

...and now we've long been cleaned up.