Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 803212 (CVE-2021-33909) - kernel: size_t-to-int conversion vulnerability in the filesystem layer (CVE-2021-33909)
Summary: kernel: size_t-to-int conversion vulnerability in the filesystem layer (CVE-2...
Status: IN_PROGRESS
Alias: CVE-2021-33909
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: Normal critical (vote)
Assignee: Gentoo Kernel Security
URL: https://www.qualys.com/2021/07/20/cve...
Whiteboard: A1
Keywords:
Depends on: 803092 803095
Blocks:
  Show dependency tree
 
Reported: 2021-07-21 12:15 UTC by Thomas Deutschmann
Modified: 2021-07-29 18:09 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Deutschmann gentoo-dev Security 2021-07-21 12:15:50 UTC
An out-of-bounds write flaw was found in the Linux kernel's seq_file in the Filesystem layer. This flaw allows a local attacker with a user privilege to gain access to out-of-bound memory, leading to a system crash or a leak of internal kernel information.
Comment 1 Thomas Deutschmann gentoo-dev Security 2021-07-21 12:23:44 UTC
Upstream patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b

Included in:

>=linux-5.13.4
>=linux-5.10.52
>=linux-5.4.134
>=linux-4.19.198
>=linux-4.14.240
>=linux-4.9.276
>=linux-4.4.276
Comment 2 John Helmert III gentoo-dev Security 2021-07-22 14:46:45 UTC
These kernels were stabilized before this bug was opened.
Comment 3 Larry the Git Cow gentoo-dev 2021-07-23 21:42:19 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6b9a1ff8f90810a533a7c11c6c145e61f69d1974

commit 6b9a1ff8f90810a533a7c11c6c145e61f69d1974
Author:     Michał Górny <mgorny@gentoo.org>
AuthorDate: 2021-07-23 21:40:33 +0000
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: 2021-07-23 21:42:10 +0000

    package.mask: Last rite sys-kernel/bliss-kernel-bin
    
    Bug: https://bugs.gentoo.org/803212
    Signed-off-by: Michał Górny <mgorny@gentoo.org>

 profiles/package.mask | 6 ++++++
 1 file changed, 6 insertions(+)
Comment 4 NATTkA bot gentoo-dev 2021-07-29 17:20:45 UTC Comment hidden (obsolete)
Comment 5 NATTkA bot gentoo-dev 2021-07-29 17:28:51 UTC Comment hidden (obsolete)
Comment 6 NATTkA bot gentoo-dev 2021-07-29 17:36:48 UTC Comment hidden (obsolete)
Comment 7 NATTkA bot gentoo-dev 2021-07-29 17:44:50 UTC Comment hidden (obsolete)
Comment 8 NATTkA bot gentoo-dev 2021-07-29 17:52:54 UTC Comment hidden (obsolete)
Comment 9 NATTkA bot gentoo-dev 2021-07-29 17:56:50 UTC Comment hidden (obsolete)
Comment 10 NATTkA bot gentoo-dev 2021-07-29 18:00:50 UTC Comment hidden (obsolete)
Comment 11 NATTkA bot gentoo-dev 2021-07-29 18:09:07 UTC
Package list is empty or all packages have requested keywords.