Bug 803212 (CVE-2021-33909)

Summary:	kernel: size_t-to-int conversion vulnerability in the filesystem layer (CVE-2021-33909)
Product:	Gentoo Security	Reporter:	Thomas Deutschmann (RETIRED) <whissi>
Component:	Kernel	Assignee:	Gentoo Kernel Security <security-kernel>
Status:	RESOLVED FIXED
Severity:	critical	CC:	gentoo
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://www.qualys.com/2021/07/20/cve-2021-33909/sequoia-local-privilege-escalation-linux.txt
Whiteboard:	A1
Package list:		Runtime testing required:	---
Bug Depends on:	803092, 803095
Bug Blocks:

Description Thomas Deutschmann (RETIRED) gentoo-dev

2021-07-21 12:15:50 UTC

An out-of-bounds write flaw was found in the Linux kernel's seq_file in the Filesystem layer. This flaw allows a local attacker with a user privilege to gain access to out-of-bound memory, leading to a system crash or a leak of internal kernel information.

Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev

2021-07-21 12:23:44 UTC

Upstream patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b

Included in:

>=linux-5.13.4
>=linux-5.10.52
>=linux-5.4.134
>=linux-4.19.198
>=linux-4.14.240
>=linux-4.9.276
>=linux-4.4.276

Comment 2 John Helmert III archtester

2021-07-22 14:46:45 UTC

These kernels were stabilized before this bug was opened.

Comment 3 Larry the Git Cow gentoo-dev

2021-07-23 21:42:19 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6b9a1ff8f90810a533a7c11c6c145e61f69d1974

commit 6b9a1ff8f90810a533a7c11c6c145e61f69d1974
Author:     Michał Górny <mgorny@gentoo.org>
AuthorDate: 2021-07-23 21:40:33 +0000
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: 2021-07-23 21:42:10 +0000

    package.mask: Last rite sys-kernel/bliss-kernel-bin
    
    Bug: https://bugs.gentoo.org/803212
    Signed-off-by: Michał Górny <mgorny@gentoo.org>

 profiles/package.mask | 6 ++++++
 1 file changed, 6 insertions(+)

Comment 4 NATTkA bot gentoo-dev

2021-07-29 17:20:45 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 5 NATTkA bot gentoo-dev

2021-07-29 17:28:51 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 6 NATTkA bot gentoo-dev

2021-07-29 17:36:48 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 7 NATTkA bot gentoo-dev

2021-07-29 17:44:50 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 8 NATTkA bot gentoo-dev

2021-07-29 17:52:54 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 9 NATTkA bot gentoo-dev

2021-07-29 17:56:50 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 10 NATTkA bot gentoo-dev

2021-07-29 18:00:50 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 11 NATTkA bot gentoo-dev

2021-07-29 18:09:07 UTC

Package list is empty or all packages have requested keywords.

Comment 12 John Helmert III archtester

2022-03-26 01:31:01 UTC

(In reply to John Helmert III from comment #2)
> These kernels were stabilized before this bug was opened.

...and now we've long been cleaned up.