LPE flaw in Linux kernel allows attackers to get root privileges on most distros

Experts discovered a Local Privilege Escalation, tracked as CVE-2021-33909, that could allow attackers to get root access on most Linux distros.

Qualys researchers discovered a local privilege escalation (LPE) tracked as CVE-2021-33909, aka Sequoia, an unprivileged attacker can exploit the flaw to get root privileges on most Linux distros.

The issue is a size_t-to-int type conversion vulnerability that resides in the filesystem layer used to manage user data in all major distros released since 2014.

“The Qualys Research Team has discovered a size_t-to-int type conversion vulnerability in the Linux Kernel’s filesystem layer affecting most Linux operating systems. Any unprivileged user can gain root privileges on a vulnerable host by exploiting this vulnerability in a default configuration.” reads the analysis published by Qualys.

The researchers also developed an exploit code for the issue that allowed them to achieve full root privileges on default installations of Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11, and Fedora 34 Workstation. Experts pointed out that other major Linux distributions are likely impacted. Below a video PoC exploit for this vulnerability:

The Qualys Research Team has also discovered a stack exhaustion denial-of-service vulnerability, tracked as CVE-2021-33910, that affects the systemd utility.

systemd is a software suite that provides an array of system components for Linux operating systems. Its main aim is to unify service configuration and behavior across Linux distributions.

An unprivileged user can exploit the CVE-2021-33910 vulnerability to crash systemd and also trigger a kernel panic condition.

“This vulnerability was introduced in systemd v220 (April 2015) by commit 7410616c (“core: rework unit name validation and manipulation logic”), which replaced a strdup() in the heap with a strdupa() on the stack. Successful exploitation of this vulnerability allows any unprivileged user to cause denial of service via kernel panic.” reads the security advisory published by the experts.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Linux)

[adrotate banner=”5″]

[adrotate banner=”13″]