Sequoia Vulnerability Allows Root Privileges in Linux (CVE-2021-33909)

Overview

A new file system vulnerability dubbed as Sequoia (CVE-2021-33909) allows attackers to gain root privileges on most Linux distributions with their default configuration.

Description

Researchers from the cyber security company Qualys discovered a new local privilege escalation vulnerability that affects most Linux distributions, such as Ubuntu, Debian and Fedora. Dubbed Sequoia (CVE-2021-33909), the vulnerability allows attackers to gain root privileges through a flaw in the Linux kernel’s file system.

Specifically, the discovered bug is an integer overflow vulnerability (a type of buffer overflow that allows out-of-bounds writes) that arises from a variable type conversion issue (size_t to int). To exploit the Sequoia vulnerability, an unprivileged attacker can create, mount and delete a deep directory structure whose path length exceeds 1GB and then read the /proc/self/mountinfo file, as described in the Qualys Security Advisory on CVE-2021-33909.

To learn more about the vulnerability and its exploitation steps, you can either refer to the blog post (Qualys Security Blog on CVE-2021-33909) or watch the video below shared by Qualys.

Sequoia: Local Privilege Escalation Vulnerability in Linux File System (CVE-2021-33909)

Impact

An unprivileged local attacker can obtain root privileges by exploiting the integer overflow vulnerability (CVE-2021-33909) that exists in the Linux kernel’s file system.

Impact Summary

Category: Elevation of Privilege (Root User)
CVSS 3.1 Base Score: 7.8 High
CVSS 3.1 Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Solution

To remediate the Sequoia Linux privilege escalation vulnerability (CVE-2021-33909), the Linux kernel needs to be patched or upgraded to the most recent release.

Though not tested against all possible exploit variations of the Sequoia vulnerability, the following mitigations can be applied to change the vulnerable default configurations (as illustrated in Figure 1) to protect against the PoC developed by Qualys:

  • Set /proc/sys/kernel/unprivileged_userns_clone to 0.
  • Set /proc/sys/kernel/unprivileged_bpf_disabled to 1.

Figure 1: Vulnerable Default Configurations of the Two Files in /proc/sys/kernel Directory
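As an added example (not part of this page or the Qualys advisory), the POSIX shell script below audits whether the two knobs above are still at their vulnerable defaults and can apply the hardened values; the directory argument is an assumption added so the same check can run against a constructed copy of /proc/sys/kernel.

```shell
#!/bin/sh
# Added example: audit the two sysctl mitigations from the Solution section and
# optionally apply them. The directory defaults to /proc/sys/kernel; any other
# directory (e.g. a constructed copy) can be passed for offline checks.

# check_setting DIR FILE HARDENED_VALUE
# Prints "mitigated", "vulnerable" or "missing" and returns 0, 1 or 2.
check_setting() {
    _path="$1/$2"
    if [ ! -r "$_path" ]; then
        printf 'missing\n'
        return 2
    fi
    read -r _current < "$_path"
    if [ "$_current" = "$3" ]; then
        printf 'mitigated\n'
        return 0
    fi
    printf 'vulnerable\n'
    return 1
}

# audit_sequoia DIR
# Returns 0 only when both knobs hold the hardened value given on the page.
# Caveat: unprivileged_userns_clone is a Debian/Ubuntu kernel knob; on kernels
# without it the file is absent and is reported as "missing".
audit_sequoia() {
    _dir="${1:-/proc/sys/kernel}"
    _rc=0
    for _spec in "unprivileged_userns_clone 0" "unprivileged_bpf_disabled 1"; do
        _name="${_spec% *}"
        _want="${_spec#* }"
        _state=$(check_setting "$_dir" "$_name" "$_want") || _rc=1
        printf '%-28s want=%s  %s\n' "$_name" "$_want" "$_state"
    done
    return $_rc
}

# apply_sequoia_mitigation DIR
# Writes the hardened values (root is required on a live system), then re-audits.
# Caveat: once unprivileged_bpf_disabled is set to 1 it cannot be cleared again
# without a reboot.
apply_sequoia_mitigation() {
    _dir="${1:-/proc/sys/kernel}"
    [ -w "$_dir/unprivileged_userns_clone" ] && echo 0 > "$_dir/unprivileged_userns_clone"
    [ -w "$_dir/unprivileged_bpf_disabled" ] && echo 1 > "$_dir/unprivileged_bpf_disabled"
    audit_sequoia "$_dir"
}

audit_sequoia "$1"
```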
Quote by Edsger Dijkstra

If debugging is the process of removing software bugs, then programming must be the process of putting them in.

Edsger Dijkstra
