A new major issue in the Linux kernel (up to 5.13.3) was reported on June 7th, 2021. The vulnerability (CVE-2021-33909) affects most Linux operating systems (kernel version 3.16 – 5.1.13), including ELinOS 6.2 and 7.0. It causes an integer overflow through insufficiently restricted seq buffer allocations in the Linux kernel’s filesystem layer, allowing unprivileged users/attackers to gain root privileges. A proof-of-concept exploit was created. We’ve prepared the fixes for the Linux kernel versions available in ELinOS 7.0 and 6.2. The fix can be provided to customers on request.
If you would like to learn more about our security services, visit: https://www.sysgo.com/embedded-linux-security