CVE-2021-33909

HIGH

Linux Kernel 3.16-5.13.x < 5.13.4 - Integer Overflow and Out-of-bounds Write in seq_file

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 4 public exploits for CVE-2021-33909. PoCs published by Liang2580, ChrisTheCoolHut, baerwolf.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2021-33909, a size_t-to-int vulnerability in Linux's filesystem layer. The exploit leverages a type conversion flaw to achieve local privilege escalation by manipulating directory structures and user namespaces.

Description

fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.

Exploits (4)

nomisec WORKING POC 78 stars
by Liang2580 · poc
https://github.com/Liang2580/CVE-2021-33909

This repository contains a functional exploit for CVE-2021-33909, a size_t-to-int vulnerability in Linux's filesystem layer. The exploit leverages a type conversion flaw to achieve local privilege escalation by manipulating directory structures and user namespaces.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Complex
Reliability
Reliable
Target: Linux kernel (filesystem layer)
No auth needed
Prerequisites: Local access to the system · Ability to create directories and mount points
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC 46 stars
by ChrisTheCoolHut · poc
https://github.com/ChrisTheCoolHut/CVE-2021-33909

This repository contains a functional exploit for CVE-2021-33909, a size_t-to-int vulnerability in the Linux filesystem layer. The exploit leverages user namespace and mount namespace manipulations to trigger the vulnerability, potentially leading to local privilege escalation.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Complex
Reliability
Reliable
Target: Linux kernel (specific versions affected by CVE-2021-33909)
No auth needed
Prerequisites: Linux system with vulnerable kernel · User namespace access · Ability to create mount namespaces
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC 6 stars
by baerwolf · poc
https://github.com/baerwolf/cve-2021-33909

This repository contains a functional kernel module that patches CVE-2021-33909 at runtime using kprobes to replace vulnerable functions in the Linux kernel's filesystem layer. The module intercepts calls to seq_read_iter, seq_lseek, and single_open_size to mitigate the vulnerability.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Linux kernel (versions < 5.13.4, specifically affecting seq_file operations)
No auth needed
Prerequisites: Kernel headers for module compilation · Ability to load kernel modules (root or CAP_SYS_MODULE)
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC 5 stars
by bbinfosec43 · poc
https://github.com/bbinfosec43/CVE-2021-33909

This repository contains a functional exploit for CVE-2021-33909, a size_t-to-int vulnerability in Linux's filesystem layer (Sequoia). The exploit leverages a user namespace and filesystem operations to trigger a crash, demonstrating the vulnerability.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Complex
Reliability
Reliable
Target: Linux kernel (specific versions affected by CVE-2021-33909)
No auth needed
Prerequisites: Linux system with vulnerable kernel · Ability to create user namespaces
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (20)

Core 20
Core References
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/07/msg00016.html
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/07/msg00014.html
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/07/msg00015.html
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2021/dsa-4941
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2021/07/22/7
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2021/08/25/10
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2021/09/17/2
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2021/09/17/4
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2021/09/21/1
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpujan2022.html
Exploit, Mailing List, Third Party Advisory x_refsource_misc
https://www.openwall.com/lists/oss-security/2021/07/20/1
Mailing List, Patch, Vendor Advisory x_refsource_confirm
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20210819-0004/
Third Party Advisory x_refsource_confirm
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0015

Scores

CVSS v3 7.8
EPSS 0.0981
EPSS Percentile 94.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-190 CWE-787
Status published
Products (11)
debian/debian_linux 9.0
debian/debian_linux 10.0
fedoraproject/fedora 34
linux/linux_kernel 3.12.43 - 3.13
netapp/hci_management_node
netapp/solidfire
oracle/communications_session_border_controller 8.2
oracle/communications_session_border_controller 8.3
oracle/communications_session_border_controller 8.4
oracle/communications_session_border_controller 9.0
... and 1 more
Published Jul 20, 2021
Tracked Since Feb 18, 2026