What is the Sequoia Linux Bug?

Suparna Ganguly
2 min read, Jul 23, 2021

Recently, Qualys, the security auditing firm, disclosed a new vulnerability in the Linux kernel. The bug, which Qualys named Sequoia, is tracked as CVE-2021-33909.

So, what is Sequoia? It is a size_t-to-int type conversion vulnerability that lets a local attacker gain root privileges on popular Linux distros such as Fedora, Debian, and Ubuntu. The flaw sits in the kernel's filesystem layer (the seq_file code in fs/seq_file.c that the kernel uses to generate files such as those under /proc), which is the part of the kernel that manages files in Linux.

The bug is triggered by creating, mounting, and deleting a deeply nested directory structure whose total path length exceeds 1 GB, and then having the kernel's filesystem code format that path (for example, by reading /proc/self/mountinfo). The oversized buffer length no longer fits in an int, the kernel writes out of bounds, and any unprivileged local account can use that to execute code with root privileges.
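To make the size_t-to-int conversion concrete, here is an added example of my own (it is not Qualys's code and not the kernel's fs/seq_file.c or fs/d_path.c) that models the bug class: a caller measures its buffer with size_t, a helper that prepends path components into that buffer takes the remaining room as a plain int, and the 2 GB size a doubling buffer reaches once a single line exceeds 1 GB turns into a negative length. The struct and function names are assumptions made for the illustration. Nothing here touches real memory; the model only computes the offset at which the helper would write, so it runs safely with multi-gigabyte "buffers". A small `size_fits_int` check shows the caller-side fix of refusing any size that does not fit in an int; the upstream kernel fix takes the same approach at the allocation site by capping the seq_file buffer size.

```c
#include <inttypes.h>
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Illustrative model of the size_t-to-int bug class (added example; this is
 * NOT the kernel's fs/seq_file.c or fs/d_path.c). The caller measures its
 * buffer with size_t, but the helper that prepends path components towards
 * the front of the buffer keeps the remaining room as an int and starts its
 * write cursor at buf + len. The model only computes where a write WOULD
 * land, relative to the start of the buffer; it never writes to memory.
 */

struct prepend_buffer {
    int64_t cursor;   /* offset of the write cursor from the buffer start */
    int     len;      /* remaining room as the helper sees it: an int */
};

/* The truncating conversion: a size_t size becomes an int length, and the
 * cursor is placed at buf + len. For size >= 2^31, len is negative, so the
 * cursor already points *before* the buffer. */
static struct prepend_buffer buffer_from_size(size_t size)
{
    int len = (int)size;   /* implementation-defined above INT_MAX; wraps on GCC/Clang */
    struct prepend_buffer b = { (int64_t)len, len };
    return b;
}

/* Model of "prepend n bytes": len -= n; if (len >= 0) write at cursor - n.
 * The real code subtracts in int, where the result wraps in practice (the
 * kernel is built with -fno-strict-overflow); the model subtracts in
 * uint32_t so it has no signed-overflow UB of its own.
 * Returns 1 and stores the write offset in *at, or 0 if the helper's own
 * length check refuses the write. */
static int model_prepend(struct prepend_buffer *b, size_t n, int64_t *at)
{
    b->len = (int)((uint32_t)b->len - (uint32_t)n);
    if (b->len < 0)
        return 0;
    b->cursor -= (int64_t)n;
    *at = b->cursor;
    return 1;
}

/* Offset of an n-byte prepend into a fresh buffer of `size` bytes, or
 * INT64_MAX if the helper refuses the write. */
static int64_t prepend_offset(size_t size, size_t n)
{
    struct prepend_buffer b = buffer_from_size(size);
    int64_t at = 0;
    return model_prepend(&b, n, &at) ? at : INT64_MAX;
}

/* Hardened caller: never hand an int-based helper a size that does not fit
 * in an int. Returns 1 if `size` is safe to pass on, 0 if it must be
 * rejected (or the buffer capped) before it reaches the helper. */
static int size_fits_int(size_t size)
{
    return size <= (size_t)INT_MAX;
}

int main(void)
{
    /* Constructed sizes: one page, 1 GiB, and the 2 GiB that a doubling
     * buffer reaches once a single line exceeds 1 GiB. A 10-byte string is
     * prepended into each (the length of the "//deleted" suffix the kernel
     * appends to an unlinked path). */
    const size_t sizes[] = { 4096, (size_t)1 << 30, (size_t)1 << 31 };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        int64_t at = prepend_offset(sizes[i], 10);
        printf("size %zu -> int len %d: ", sizes[i], (int)sizes[i]);
        if (at == INT64_MAX)
            printf("helper refused the write\n");
        else
            printf("10-byte write at offset %" PRId64 "%s\n", at,
                   at < 0 ? "  <-- before the buffer start" : "");
        printf("  hardened caller: %s\n",
               size_fits_int(sizes[i]) ? "accepts" : "rejects (size > INT_MAX)");
    }
    return 0;
}
```

Build and run with `cc -Wall sequoia_model.c && ./a.out` (the file name is arbitrary). For the 2 GiB case the int length becomes INT_MIN, the helper's "is there room left?" check passes because the int subtraction wraps back to a large positive value, and the write lands 2 GB plus 10 bytes below the start of the buffer, which is the same negative offset Qualys reports for the "//deleted" string in its advisory. The 4 KiB and 1 GiB cases stay inside the buffer, and only the 2 GiB size is rejected by the hardened check.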

In Qualys's report, Bharat Jogi, a security researcher at Qualys, wrote that they had “obtained full root privileges on default installations of Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11, and Fedora 34 Workstation”. “Other Linux distributions are likely vulnerable and probably exploitable”, he added.

Qualys reported the bug to the Linux kernel security team in early June, and several Linux distributions have now released patches for it. Because the fix is in the kernel, it only takes effect after the patched kernel is booted, so check `uname -r` against your distribution's advisory after updating. Until a host is patched, the mitigations Qualys lists (disabling unprivileged user namespaces and unprivileged eBPF via sysctl) block the published exploitation path, though not the underlying bug.

Sequoia is a local privilege escalation, not a remote code execution bug: it cannot be used to break into a Linux machine over the network. But once an attacker has a foothold on a system, even as an ordinary unprivileged user, the bug lets them take over the entire operating system and do whatever damage they like.

The bug affects any Linux-based device running a vulnerable kernel, whether cloud infrastructure, servers, workstations, smartphones, or IoT devices; the vulnerable code has been in the kernel since 2014 (kernel 3.16), so long-lived embedded systems are exposed as well.

A similar local privilege escalation vulnerability, Dirty COW (CVE-2016-5195), was exploited widely after it was disclosed by security researchers in October 2016.


Freelance Tech Writer @openreplay @linuxhint @linuxjournal @shells.com, @doublemesh.com. Twitter: https://twitter.com/Suparna92300666