Two Linux bugs highlighted today:
- Sequoia: A Local Privilege Escalation Vulnerability in Linux’s Filesystem Layer (CVE-2021-33909)
- CVE-2021-33910: Denial of Service (Stack Exhaustion) in systemd (PID 1)
[*] Searching cve-[['2021-33909', '2021-33910']] vulnerability definitions within Kenna.VI+....
[ CVE Description ]
[*] CVE_ID : CVE-2021-33909
[_] Desc : fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.
[_] C:2021-06-07 / P:2021-07-20 / L:2021-07-20
[*] Vuln Risk : 30.6247
[*] Exploited [trend] : 0 [holding] [Pre_NVD]
[_] Exploit/likehood : False/0.1999% confidence
[*] Malware sample : 0
[*] Exploits/POC : [0]
[_] Fixes : [4]
[_] Threat Actors : [0]
[_] CVSS2 / CVSS3 : [ 7.2 / 8.4 ]
[_] Vuln Products : [0]
[ CVE Malware Family Info : None ]
[ CVE Description ]
[*] CVE_ID : CVE-2021-33910
[_] Desc : basic/unit-name.c in systemd 220 through 248 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.
[_] C:2021-06-07 / P:2021-07-20 / L:2021-07-20
[*] Vuln Risk : 37.5
[*] Exploited [trend] : 0 [holding] [Pre_NVD]
[_] Exploit/likehood : False/2.5210% confidence
[*] Malware sample : 0
[*] Exploits/POC : [0]
[_] Fixes : [6]
[_] Threat Actors : [0]
[_] CVSS2 / CVSS3 : [ 2.1 / 4.0 ]
[_] Vuln Products : [0]
[ CVE Malware Family Info : None ]
[ High_Profile_Vulnerability ]
[!!!] CVE-2021-33909 (30.6247) : []
[!!!] CVE-2021-33910 (37.5) : []
** [5] threads completed [4 tasks] / [4.99 KB] within [3.27 sec].
** [ 2021-07-21 ]