{"uuid": "1effd829-86e1-4914-b527-bf46b52f8639", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-33909", "type": "published-proof-of-concept", "source": "https://t.me/linkersec/97", "content": "Sequoia: A deep root in Linux's filesystem layer (CVE-2021-33909)\n\nQualys security advisory about a size_t-to-int conversion vulnerability in the Linux kernel's filesystem layer.\n\nBy creating, mounting, and deleting a deep directory structure whose total path length exceeds 1GB, an unprivileged local attacker can write the 10-byte string \"//deleted\" to an offset of exactly -2GB-10B below the beginning of a vmalloc()ated kernel buffer.\n\nReport: https://www.openwall.com/lists/oss-security/2021/07/20/1", "creation_timestamp": "2021-07-21T13:53:35.000000Z"}