fs/seq_file.c in the Linux kernel 3.16 up to and including 5.13.x prior to 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.
Unprivileged attackers can gain root privileges by exploiting a local privilege escalation (LPE) vulnerability in default configurations of the Linux Kernel's filesystem layer on vulnerable devices.
As discovered by Qualys researchers, the LPE security flaw tracked as CVE-2021-33909 (
) is present in the filesystem layer used to manage user data, a feature universally used by all major (Linux) operating systems.
According to Qualys' research, the vulnerability impacts all Linux...