Linux Kernel, Use-After-Free Vulnerability, CVE-2021-33909 (Critical)

Listen to this Post

The CVE-2021-33909 vulnerability, also known as “Sequoia,” is a use-after-free flaw in the Linux kernel’s filesystem layer. The issue resides in the `seq_file` interface within the `fs/seq_file.c` file. A critical integer overflow exists in the `seq_buf_alloc()` function when calculating the buffer size for a `miseq` iterator. By creating a directory with a pathname of excessive length (exceeding 1GB when stored), an attacker can trigger this integer overflow during a `readdir` or `getdents` syscall. This overflow leads to an undersized kernel buffer allocation. Subsequent operations then write beyond the allocated buffer’s bounds, corrupting adjacent kernel memory objects and ultimately freeing them. However, the `seq_file` iterator retains a reference to the now-freed memory, creating a exploitable use-after-free condition that can lead to arbitrary code execution with kernel privileges.
Platform: Linux Kernel
Version: 3.16 to 5.13

Vulnerability : Use-After-Free

Severity: Critical

date: 2021-07-20

Prediction: 2021-07-27

What Undercode Say:

`ls /tmp/AAAAAAAA…[over 1GB long]…`

`getdents64 syscall`

`kmalloc-4096 slab corruption`

`commit 0c3e247c9ef5b6b44df6bff6f5f2e805323ae2c9`

How Exploit:

Craft long directory path.

Trigger `getdents64` syscall.

Overflow `seq_file` buffer.

Execute arbitrary code.

Protection from this CVE

Update kernel >=5.13.4.

Apply vendor patches.

Restrict user namespaces.

Impact:

Local Privilege Escalation.

Full System Compromise.

Kernel Memory Corruption.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top