SpirityCVE

Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer Overflow.This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3, from 5.10.0-60.18.0 before 5.10.0-183.0.0.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Openatom	Openeuler
Redhat	Enterprise Linux Logging Rhel Eus Rhev Hypervisor

Configuration 1 [-]

OR	cpe:2.3:o:openatom:openeuler:::::-:-::
	cpe:2.3:o:openatom:openeuler:::::-:linux::
	cpe:2.3:o:openatom:openeuler:::::-:-::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-513.24.1.rt7.326.el8_9	cpe:/a:redhat:enterprise_linux:8::nfv	RHSA-2024:1614	2024-04-02T00:00:00Z
kernel-0:4.18.0-513.24.1.el8_9	cpe:/o:redhat:enterprise_linux:8	RHSA-2024:1607	2024-04-02T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support
kernel-0:4.18.0-372.98.1.el8_6	cpe:/o:redhat:rhel_eus:8.6	RHSA-2024:1653	2024-04-03T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
kernel-0:4.18.0-477.55.1.el8_8	cpe:/o:redhat:rhel_eus:8.8	RHSA-2024:2621	2024-04-30T00:00:00Z
Red Hat Enterprise Linux 9
kernel-0:5.14.0-284.11.1.el9_2	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:2458	2023-05-09T00:00:00Z
kernel-rt-0:5.14.0-284.11.1.rt14.296.el9_2	cpe:/a:redhat:enterprise_linux:9::nfv	RHSA-2023:2148	2023-05-09T00:00:00Z
kernel-0:5.14.0-284.11.1.el9_2	cpe:/o:redhat:enterprise_linux:9	RHSA-2023:2458	2023-05-09T00:00:00Z
Red Hat Enterprise Linux 9.0 Extended Update Support
kernel-0:5.14.0-70.97.1.el9_0	cpe:/a:redhat:rhel_eus:9.0	RHSA-2024:1836	2024-04-16T00:00:00Z
kernel-rt-0:5.14.0-70.97.1.rt21.169.el9_0	cpe:/a:redhat:rhel_eus:9.0::nfv	RHSA-2024:1840	2024-04-16T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8
kernel-0:4.18.0-372.98.1.el8_6	cpe:/o:redhat:rhev_hypervisor:4.4::el8	RHSA-2024:1653	2024-04-03T00:00:00Z
RHOL-5.7-RHEL-8
openshift-logging/cluster-logging-operator-bundle:v5.7.13-16	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z
openshift-logging/cluster-logging-rhel8-operator:v5.7.13-7	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z
openshift-logging/elasticsearch6-rhel8:v6.8.1-408	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z
openshift-logging/elasticsearch-operator-bundle:v5.7.13-19	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z
openshift-logging/elasticsearch-proxy-rhel8:v1.0.0-480	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z
openshift-logging/elasticsearch-rhel8-operator:v5.7.13-9	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z
openshift-logging/eventrouter-rhel8:v0.4.0-248	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z
openshift-logging/fluentd-rhel8:v1.14.6-215	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z
openshift-logging/kibana6-rhel8:v6.8.1-431	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z
openshift-logging/log-file-metric-exporter-rhel8:v1.1.0-228	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z
openshift-logging/logging-curator5-rhel8:v5.8.1-471	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z
openshift-logging/logging-loki-rhel8:v2.9.6-15	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z
openshift-logging/logging-view-plugin-rhel8:v5.7.13-3	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z
openshift-logging/loki-operator-bundle:v5.7.13-27	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z
openshift-logging/loki-rhel8-operator:v5.7.13-12	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z
openshift-logging/lokistack-gateway-rhel8:v0.1.0-527	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z
openshift-logging/opa-openshift-rhel8:v0.1.0-225	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z
openshift-logging/vector-rhel8:v0.28.1-57	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z

References

Link	Providers
https://www.spirityenterprise.com/pentest
https://www.spirityenterprise.com/managed-detection-response
http://www.openwall.com/lists/oss-security/2024/01/30/10
http://www.openwall.com/lists/oss-security/2024/01/30/3
http://www.openwall.com/lists/oss-security/2024/01/30/4
http://www.openwall.com/lists/oss-security/2024/01/30/5
http://www.openwall.com/lists/oss-security/2024/01/30/9
http://www.openwall.com/lists/oss-security/2024/01/31/2
http://www.openwall.com/lists/oss-security/2024/01/31/3
http://www.openwall.com/lists/oss-security/2024/02/02/6
http://www.openwall.com/lists/oss-security/2024/02/02/9
http://www.openwall.com/lists/oss-security/2024/02/03/1
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c099c4fdc438014d5893629e70a8ba934433ee8
https://gitee.com/src-openeuler/kernel/pulls/1389
https://gitee.com/src-openeuler/kernel/pulls/1396
https://nvd.nist.gov/vuln/detail/CVE-2021-33631
https://seclists.org/oss-sec/2024/q1/65
https://www.cve.org/CVERecord?id=CVE-2021-33631
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1030
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1031
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1032
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1033
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1034
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1035

History

Wed, 02 Apr 2025 19:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Openatom Openatom openeuler
CPEs	cpe:2.3:o:huawei:openeuler:::::-:-:: cpe:2.3:o:huawei:openeuler:::::-:linux::	cpe:2.3:o:openatom:openeuler:::::-:-:: cpe:2.3:o:openatom:openeuler:::::-:linux::
Vendors & Products	Huawei Huawei openeuler	Openatom Openatom openeuler

Fri, 14 Feb 2025 08:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 13 Feb 2025 16:45:00 +0000

Type	Values Removed	Values Added
Description	Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer Overflow.This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3, from 5.10.0-60.18.0 before 5.10.0-183.0.0.	Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer Overflow.This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3, from 5.10.0-60.18.0 before 5.10.0-183.0.0.

MITRE

Status: PUBLISHED

Assigner: openEuler

Published: 2024-01-18T15:05:58.610Z

Updated: 2025-02-13T16:28:21.561Z

Reserved: 2021-05-28T14:26:05.941Z

Link: CVE-2021-33631

Vulnrichment

Updated: 2024-08-03T23:58:21.529Z

NVD

Status : Modified

Published: 2024-01-18T15:15:08.860

Modified: 2025-04-02T18:33:53.340

Link: CVE-2021-33631

Redhat

Severity : Moderate

Publid Date: 2024-01-18T00:00:00Z

Links: CVE-2021-33631 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object