News

Bug in Linux kernel filesystem layer allowed getting root privileges

By admin
Spread the love

A bug in the Linux kernel made it possible for regular users to get root privileges on most distros. The local privilege escalation bug called Sequoia is in the filesystem layer.

The vulnerability was discovered by researchers from security firm Qualys. They track the bug under CVE-2021-33909, but they also call it Sequoia. This is a bug in the Linux file system layer. If an attacker can mount and then delete a file structure of certain length, an opportunity arises to perform an out-of-boundswrite that allows a local account to run code with root privileges.

The bug is in the seq_file interface. It contains a buffer and if this can be exceeded, the out-of-bounds can occur. According to the researchers, this is possible with a directory structure that is more than a gigabyte in length.

The vulnerability is in all Linux kernels between 3.16 and 5.13.x. In kernel version 5.13.4 the bug has been fixed. This makes most Linux systems vulnerable. The researchers say they were able to get full root rights at least on Ubuntu 20.04, 20.10 and 21.04, and on Debian 11 and Fedora 34. The latest kernel changelog states that the bug has been fixed in version 5.13.4. This has now been implemented by most major distros.

You might also like
News

Netflix is ​​also discontinuing the Basic subscription in the US and UK

News

EU Council determines position on security requirements for digital products

News

Meta introduces open source language model Llama 2, works on PCs and phones

News

Anticheat FaceIT gets Linux version, enables Steam Deck support

News

PC version Ratchet & Clank: Rift Apart required by DirectStorage 1.2 no SSD

News

AMD: Intel’s proposal for 64bit-only x86 architecture is very interesting

Exit mobile version