CVE-2021-33909
Linux Kernel vulnerability analysis and mitigation

Overview

CVE-2021-33909 is a size_t-to-int conversion vulnerability in the seq_file interface of the Linux kernel's filesystem layer, affecting versions 3.16 through 5.13.x before 5.13.4. It was discovered by Qualys Research Labs and disclosed on July 20, 2021 (Qualys Advisory).

Technical details

The vulnerability exists in the Linux kernel's seq_file interface, which produces virtual files containing sequences of records. The issue occurs when a size_t value (a 64-bit unsigned integer) is passed to a function expecting an int parameter (a 32-bit signed integer). This conversion happens in the show_mountinfo() function when handling /proc/self/mountinfo data. The vulnerability was introduced in July 2014 by commit 058504ed ('fs/seq_file: fallback to vmalloc allocation'). It was fixed in Linux kernel 5.13.4 by commit 8cae8cd89f05, which added a limit to seq buffer allocations (Kernel Commit).
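To make the two halves of that description concrete, here is an added user-space C model (not code from the kernel, the advisory or this report) of the size_t-to-int narrowing and of the bounded allocation that the fix introduces. The buffer-doubling loop, the function names and the 4 KiB page size are simplifying assumptions; the cap mirrors the kernel's MAX_RW_COUNT (INT_MAX rounded down to a page boundary), and the constructed 1.5 GiB record stands in for an oversized mountinfo entry.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Illustrative constants for this model: 4 KiB pages and a cap mirroring the
 * kernel's MAX_RW_COUNT (INT_MAX rounded down to a page boundary). */
#define MODEL_PAGE_SIZE    4096UL
#define MODEL_MAX_RW_COUNT (((unsigned long)INT_MAX) & ~(MODEL_PAGE_SIZE - 1))

/* The defect pattern: a size_t buffer length is handed to a parameter declared
 * int. Converting an out-of-range value is implementation-defined in C; GCC
 * and Clang on Linux wrap modulo 2^32, so a length above INT_MAX arrives on
 * the callee's side as a negative or far too small number. */
static int as_int_param(size_t len)
{
    return (int)len;
}

/* The check a callee needs before trusting such a length as an int. */
static bool size_fits_int(size_t len)
{
    return len <= (size_t)INT_MAX;
}

/* Model of seq_file's growth strategy: when a record does not fit, the buffer
 * is dropped, its size doubled and the record retried. Returns the size at
 * which a record of record_len bytes fits, or 0 when the bounded allocator
 * refuses the request (the post-5.13.4 behaviour). With bounded == false the
 * buffer grows without limit, which is how a multi-GiB path ends up passing
 * through an int parameter. */
static size_t grow_seq_buffer(size_t record_len, bool bounded)
{
    size_t size = MODEL_PAGE_SIZE;
    while (size < record_len) {
        size <<= 1;
        if (bounded && size > MODEL_MAX_RW_COUNT)
            return 0;       /* allocation refused, read fails cleanly */
    }
    return size;
}

int main(void)
{
    /* Constructed input: a 1.5 GiB mountinfo record (assumes 64-bit size_t). */
    size_t huge_record = (size_t)3 << 29;

    size_t before = grow_seq_buffer(huge_record, false);
    printf("unbounded allocator grows to %zu bytes; as int: %d (fits int: %s)\n",
           before, as_int_param(before), size_fits_int(before) ? "yes" : "no");

    size_t after = grow_seq_buffer(huge_record, true);
    printf("bounded allocator returns %zu (0 means the request was refused)\n", after);
    return 0;
}
```

Run on a 64-bit host, the unbounded path doubles to exactly 2 GiB, which no longer fits an int and shows up as INT_MIN on the callee side; the bounded path refuses the same request before any buffer of that size exists, which is the defensive property the kernel fix adds.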

Impact

When successfully exploited, this vulnerability allows an unprivileged local attacker to gain full root privileges on affected systems. The vulnerability has been confirmed to be exploitable on default installations of Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11, and Fedora 34 Workstation. The exploit requires approximately 5GB of memory and 1M inodes (Qualys Advisory).

Mitigation and workarounds

The primary mitigation is to update to Linux kernel version 5.13.4 or later, which contains the fix. Temporary workarounds include setting /proc/sys/kernel/unprivileged_userns_clone to 0, to prevent attackers from mounting directories in user namespaces, and setting /proc/sys/kernel/unprivileged_bpf_disabled to 1, to prevent attackers from loading eBPF programs. These workarounds only block specific exploitation techniques and do not fix the underlying vulnerability (Qualys Advisory).
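An added example of how an administrator might verify those two points on a host (this is not a tool from Qualys or the kernel project): a small C checker that compares the running kernel's release string against the mainline fix version and reads the two workaround sysctls. The function names are the author's own. A version string below 5.13.4 is only a prompt to consult the distribution advisory, because distribution kernels ship backported fixes under their own version numbers.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/utsname.h>

/* The mainline fix landed in 5.13.4. Distribution kernels backport fixes
 * under their own version strings, so "false" here means "not indicated by
 * the version number", not "vulnerable"; pre-3.16 kernels are out of scope. */
static bool release_has_mainline_fix(const char *release)
{
    int major = 0, minor = 0, patch = 0;
    int n = sscanf(release, "%d.%d.%d", &major, &minor, &patch);
    if (n < 2)
        return false;           /* unparsable: never claim it is fixed */
    if (major != 5)
        return major > 5;
    if (minor != 13)
        return minor > 13;
    return patch >= 4;
}

/* Reads a single integer sysctl from /proc/sys/...; -1 when absent or
 * unreadable (unprivileged_userns_clone is a Debian/Ubuntu addition and is
 * not present on every kernel). */
static int read_sysctl_int(const char *path)
{
    FILE *f = fopen(path, "r");
    if (!f)
        return -1;
    int value = -1;
    if (fscanf(f, "%d", &value) != 1)
        value = -1;
    fclose(f);
    return value;
}

/* Whether a sysctl value matches the workaround the advisory recommends:
 * unprivileged_userns_clone = 0, unprivileged_bpf_disabled = 1 (a value of 2
 * also disables unprivileged BPF but can be reverted at runtime). */
static bool workaround_active(const char *sysctl, int value)
{
    if (strcmp(sysctl, "unprivileged_userns_clone") == 0)
        return value == 0;
    if (strcmp(sysctl, "unprivileged_bpf_disabled") == 0)
        return value >= 1;
    return false;
}

int main(void)
{
    struct utsname u;
    if (uname(&u) != 0) {
        perror("uname");
        return 1;
    }
    printf("kernel %s: mainline fix %s\n", u.release,
           release_has_mainline_fix(u.release) ? "present"
                                               : "not indicated by version");

    const char *names[] = { "unprivileged_userns_clone",
                            "unprivileged_bpf_disabled" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        char path[128];
        snprintf(path, sizeof path, "/proc/sys/kernel/%s", names[i]);
        int v = read_sysctl_int(path);
        if (v < 0)
            printf("%s: not available on this kernel\n", names[i]);
        else
            printf("%s = %d (%s)\n", names[i], v,
                   workaround_active(names[i], v) ? "workaround active"
                                                  : "workaround NOT active");
    }
    return 0;
}
```

Compile with any C99 compiler on Linux and run unprivileged; the sysctl files are world-readable, so no elevated rights are needed for the check itself.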

Community reactions

The vulnerability was assigned a CVSS score of 7.8 (HIGH) due to its local privilege escalation capabilities. Major Linux distributions quickly released patches, including Red Hat, Debian, and Ubuntu. The vulnerability was dubbed 'Sequoia' by Qualys and received significant attention in the security community due to its widespread impact and the detailed technical analysis provided by Qualys (Red Hat Security Bulletin).

Related Linux Kernel vulnerabilities:

CVE ID           Severity  Score  Technologies  Component name   CISA KEV exploit  Has fix  Published date
CVE-2025-40343   MEDIUM    6.4    Linux Kernel  linux-aws-fips   No                Yes      Dec 09, 2025
CVE-2025-40342   MEDIUM    6.4    Linux Kernel  linux-azure-5.4  No                Yes      Dec 09, 2025
CVE-2025-40341   MEDIUM    5.1    Linux Kernel  libperf-devel    No                Yes      Dec 09, 2025
CVE-2025-40345   N/A       N/A    Linux Kernel  kernel-firmware  No                Yes      Dec 12, 2025
CVE-2025-40344   N/A       N/A    Linux Kernel  linux-riscv      No                Yes      Dec 09, 2025
