Qualys research team discovers current vulnerabilities on Linux systems


Vulnerabilities

Sequoia: a local privilege escalation vulnerability in the file system layer of Linux (CVE-2021-33909)

Qualys security researchers have discovered a vulnerability in size_t-to-int type conversion in the file system layer of the Linux kernel that affects most Linux operating systems. Any unprivileged user can gain root privileges on a vulnerable host by exploiting this vulnerability in a default configuration.

About the Linux file system

A file system is an organization of data and metadata on a storage device. It controls how data is stored and retrieved, and its most important function is the management of user data. The Linux file system interface is implemented as a layered architecture that separates the user interface layer from the file system implementation and from the drivers that manipulate the storage devices. The file system is one of the most important functions of any operating system and is present in all major Linux operating systems.

Impact

Successful exploitation of this vulnerability allows any unprivileged user to gain root privileges on the vulnerable host. Qualys security researchers were able to independently verify the vulnerability, develop an exploit, and gain full root privileges on default installations of Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11, and Fedora 34 Workstation. Other Linux distributions are probably vulnerable and exploitable as well.

Once the Qualys research team confirmed the vulnerability, Qualys followed responsible disclosure and coordinated with vendors and open source distributions to announce the vulnerability. Given the breadth of the attack surface for this vulnerability, Qualys recommends that users apply patches for this vulnerability immediately. Qualys customers can search for CVE-2021-33909 in the vulnerability knowledgebase to identify all QIDs and assets affected by this vulnerability.

CVE-2021-33910: Denial of service (stack exhaustion) in systemd (PID 1)

The Qualys research team has discovered a stack exhaustion denial-of-service vulnerability in systemd, a near-ubiquitous utility on major Linux operating systems. Any unprivileged user can exploit this vulnerability to crash systemd and thus the entire operating system (a kernel panic).

About systemd

systemd is a software package included in most Linux-based operating systems. It provides a set of system components for Linux, including a system and service manager that runs as PID 1 and starts the rest of the system.

Impact

This vulnerability was introduced in systemd v220 (April 2015) by commit 7410616c (“core: rework unit name validation and manipulation logic”), which replaced a strdup() on the heap with a strdupa() on the stack. Successful exploitation of this vulnerability allows any unprivileged user to cause a denial of service via kernel panic.
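The two defect classes this article names, the size_t-to-int narrowing behind CVE-2021-33909 and the heap-to-stack strdupa() change behind CVE-2021-33910, shown as an added C illustration that is not Qualys's, the kernel's or systemd's code. narrow_checked() and dup_bounded() are hypothetical helpers showing the checks a maintainer would want, and the 1 MiB input is constructed.

```c
#define _POSIX_C_SOURCE 200809L
#include <limits.h>
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Pattern 1 (the CVE-2021-33909 defect class): a size_t length stored in an
 * int. Past INT_MAX the int no longer holds the length; on the usual
 * two's-complement ABIs it goes negative, so a later check that expects a
 * non-negative length silently passes. */
int narrow_naive(size_t n)
{
    return (int)n;
}

/* Checked narrowing: succeeds only when the length really fits in an int. */
bool narrow_checked(size_t n, int *out)
{
    if (n > (size_t)INT_MAX)
        return false;
    *out = (int)n;
    return true;
}

/* Pattern 2 (the CVE-2021-33910 defect class): strdupa() puts the copy on the
 * stack, so a caller-controlled string of any length becomes a stack
 * allocation of that length. Hypothetical replacement: copy into a fixed
 * stack buffer only when it fits, otherwise use the heap (free() required). */
char *dup_bounded(const char *s, char *buf, size_t buf_len, bool *from_heap)
{
    size_t len = strlen(s);
    if (len < buf_len) {            /* leaves room for the terminating NUL */
        memcpy(buf, s, len + 1);
        *from_heap = false;
        return buf;
    }
    *from_heap = true;
    return strdup(s);               /* NULL on allocation failure */
}
int main(void)
{
    char small[64]; bool heap;
    size_t big = (size_t)1 << 20;   /* constructed 1 MiB input */
    char *longstr = malloc(big);
    memset(longstr, 'a', big - 1);
    longstr[big - 1] = '\0';
    char *copy = dup_bounded(longstr, small, sizeof small, &heap);
    int rc = (heap && copy) ? 0 : 1;   /* 1 MiB must go to the heap */
    if (heap) free(copy);
    free(longstr);
    return rc;
}
```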

Once the Qualys research team confirmed the vulnerability, Qualys followed responsible disclosure and coordinated with the systemd authors and open source distributions to announce the vulnerability.

Upon successful exploitation of this vulnerability, an unprivileged user may cause a denial of service via a kernel panic.

Given the breadth of the attack surface for this vulnerability, Qualys recommends that users apply patches for this vulnerability immediately.

Qualys customers can search for CVE-2021-33910 in the vulnerability knowledgebase to identify all QIDs and assets affected by this vulnerability.

If you are not a customer, start your free Qualys VMDR trial to get full access to the QIDs (detections) for CVE-2021-33910 so you can identify your vulnerable assets.
