A vulnerability (CVE-2021-33909) in the Linux kernel file system layer that could allow unprivileged local attackers to gain root privileges on a vulnerable host has been discovered by researchers.
“Qualys security researchers were able to independently verify the vulnerability, develop an exploit, and gain full root privileges on default installations of Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11, and Fedora 34 Workstation. Other Linux distributions are probably vulnerable and possibly exploitable ”, mentionned Bharat Jogi, Senior Manager, Vulnerabilities and Signatures, Qualys.
They also reported CVE-2021-33910, a closely related vulnerability in systemd that could lead to a denial of service condition.
About vulnerabilities (CVE-2021-33909 and CVE-2021-33910
The source of both flaws is the incorrect handling of long path names.
“The first vulnerability (CVE-2021-33909) is an attack on the Linux kernel. An unprivileged local attacker can exploit this vulnerability by creating, mounting, and deleting a deep directory structure with a total path length exceeding 1 GB. A successful attack results in elevation of privilege, ”explained the security team at Red Hat.
“The second vulnerability (CVE-2021-33910) is an attack against systemd (the system and service manager) and requires a local attacker capable of mounting a filesystem with a long path. This attack causes systemd, the services it manages, and the entire system to crash and stop responding.
Qualys researchers dubbed CVE-2021-33909 “Sequoia” – “a pun on the root-privileged bug’s deep directory tree” – and stated that all versions of the Linux kernel from 2014 onwards (Linux 3.16) are vulnerable.
Patches are available
Qualys sent notices of the two vulnerabilities to Red Hat Product Security in early June, and Red Hat sent the fixes they wrote to linux-distros @ openwall and to the security @ kernel mailing list earlier this month.
CVE-2021-33909 affects Red Hat Enterprise Linux 8, 7, and 6, and CVE-2021-33910 affects Red Hat Enterprise Linux 8.
“Additionally, any Red Hat product supported on Red Hat Enterprise Linux (including RHEL CoreOS) is also potentially impacted,” the company said. mentionned.
They provided a vulnerability detection script that customers can use to determine if their system is currently vulnerable, and advised customers running affected versions of Red Hat products to immediately apply available updates.