Wind River Support Network


Wind River Security Vulnerability Notice: CVE-2021-33909 and CVE-2021-33910

Released: --

Summary

Wind River Security Vulnerability Notice: CVE-2021-33909 and CVE-2021-33910 in the Linux kernel and systemd


Affected Product Versions

Wind River Linux LTS 21, Wind River Linux CD, Wind River Linux LTS 19, Wind River Linux LTS 18, Wind River Linux LTS 17, Wind River Linux 9, Wind River Linux 8

Description

CVE-2021-33909, CVE-2021-33910



CVE-2021-33909:

fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.

CVE-2021-33910:

basic/unit-name.c in systemd 220 through 248 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.
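The allocation pattern named in the CVE-2021-33910 description, shown beside a bounded heap-based form. This is an added example, not systemd's code or Wind River's patch; the function names, the sample path and the 4096-byte limit are assumptions made for illustration.

```c
#include <alloca.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>

#define MAX_PATH_BYTES 4096  /* assumed limit for this example */

/* Hypothetical helper: drop trailing '/' in place, return the new length. */
static size_t trimmed_len(char *p) {
    size_t n = strlen(p);
    while (n > 1 && p[n - 1] == '/')
        p[--n] = '\0';
    return n;
}

/* Pattern from the description: the copy lives on the stack (strdupa is
 * alloca plus a copy) and is sized by the caller's string, so a path of
 * several megabytes overruns the stack limit. Short, trusted input only. */
int path_len_stack(const char *path, size_t *out) {
    size_t n = strlen(path);
    char *copy = alloca(n + 1);   /* unbounded stack allocation */
    memcpy(copy, path, n + 1);
    *out = trimmed_len(copy);
    return 0;
}

/* Bounded form: measure at most MAX_PATH_BYTES, reject longer input, then
 * copy to the heap, where allocation failure is an error return. */
int path_len_heap(const char *path, size_t *out) {
    size_t n = 0;
    while (n < MAX_PATH_BYTES && path[n] != '\0')
        n++;
    if (n == MAX_PATH_BYTES)
        return -ENAMETOOLONG;
    char *copy = malloc(n + 1);
    if (copy == NULL)
        return -ENOMEM;
    memcpy(copy, path, n + 1);
    *out = trimmed_len(copy);
    free(copy);
    return 0;
}

int main(void) {
    size_t n = 0;
    /* Constructed sample path; exit status 0 when it is accepted. */
    return path_len_heap("/run/media/usb//", &n) != 0;
}
```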


Affected Wind River Linux releases:

All releases including Wind River Linux CD, Wind River Linux LTS 21, Wind River Linux LTS 19, Wind River Linux LTS 18, Wind River Linux LTS 17, Wind River Linux 9 and Wind River Linux 8.

Affected software components:

Linux kernel and systemd

Affected hardware:

These are pure software issues.

Mitigation

All WRLinux releases after WRLinux-8 are affected by this issue and need source patches to avoid it. For details, please contact our support team.


Additional References

https://nvd.nist.gov/vuln/detail/CVE-2021-33910

https://nvd.nist.gov/vuln/detail/CVE-2021-33909



Changelog

  • 7/21/2021: Initial


Installation Notes

Please contact our support team for the detailed method to mitigate these CVE issues, or wait for our newest RCPL releases.

