An out-of-bounds write flaw was found in the Linux kernel’s seq_file in the Filesystem layer. This flaw allows a local attacker with a user privilege to gain access to out-of-bound memory, leading to a system crash or a leak of internal kernel information. The issue results from not validating the size_t-to-int conversion prior to performing operations.
From PCI DSS point of views, primary concerns are operating system user account security. Verification on the necessities of allowing access given to System, restrict only the mandatory rights to login with logging, ePBF etc. Patch management, especially critical, should be complete in 30 days.
Verify Operating System vendors have releasing relate patch and complete patch update within 1 month. If there are no updates from the vendors, necessary mitigation process should be in place. Patch updates resolving this vulnerability (CVE-2021-33909) noted by Qualys Security Research Team, see following form for Patch listing:
| Source | Risk level |
|---|---|
| NESSUS https://www.tenable.com/cve/CVE-2021-33909 | CVSS (v2) 7.2 |
| NIST NVD https://nvd.nist.gov/vuln/detail/CVE-2021-33909 | CVSS (v3) 7.8 |
| Redhat https://access.redhat.com/security/cve/cve-2021-33909 | CVSS (v3) 7.0 |
| CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33909 | Source: MITRE |
Update on 2021/09/10
Qualys Security Research Team has proven vulnerability by accessing root rights in vulnerable OS of : Ubuntu 20.04、Ubuntu 20.10、Ubuntu 21.04、Debian 11 and Fedora 34 Workstation. Other Linux OS may result in I.O.C. generate from this vulnerability. Linux Servers patch fix as follow:
| Operating System | Security patch link |
|---|---|
| Redhat | https://access.redhat.com/security/cve/cve-2021-33909 |
| CentOS | https://centosfaq.org/centos/its-been-six-days-since-cvd-2021-33909-was-patched-in-rhel-whats-the-holdup-for-stream-8/
https://centos.pkgs.org/8-stream/centos-baseos-x86_64/kernel-4.18.0-326.el8.x86_64.rpm.html |
| SUSE | https://www.suse.com/security/cve/CVE-2021-33909.html |
| ubuntu | https://ubuntu.com/security/CVE-2021-33909 |
Update on 2021/09/10
If there are no updates from the vendors, necessary mitigation process should be in place.
sysctl kernel.unprivileged_userns_clone=1 # unprivileged_userns_clone set as 0
sysctl kernel.unprivileged_bpf_disabled=1 # unprivileged_bpf_disabled set as 1
For technical details, please refer to below link:
https://www.qualys.com/2021/07/20/cve-2021-33909/sequoia-local-privilege-escalation-linux.txt

Max Tsai
• Payment Card Industry Security, IT Security Management, Cloud Service Management
• Professional certification: PCI DSS QSA, CISSP, ISMS LA
Secure Vectors Information Technologies Inc., is a consulting firm specialized in providing payment card related security consulting and assessment services. We provide comprehensive payment card related security consulting and certification services, including PCI DSS, PCI 3DS, PCI PIN Security Standards. Also providing personal data protection, GDPR compliance inspection and other consulting services. Headquartered in California, U.S., and with branch offices in Taiwan (Taipei), China (Beijing and Hunan), Vietnam (Hanoi), and Singapore. With over 70 percent market share in Taiwan and 8 years experiences in PCI compliance, we developed compliance management program and collaborating services to fit every business.
- PCI certification: securevectors.com
- SecuCollab collaborating service: secucollab.com
- SecuCompliance management program: www.secucompliance.com
You might also like
https://www.securevectors.com/wp-content/uploads/2026/07/640-e1782961071431.webp
460
1080
cosmos lin
https://www.securevectors.com/wp-content/uploads/2024/02/logo.svg
cosmos lin2026-07-01 11:00:202026-07-03 09:44:51Cybersecurity | prEN 40000-11:2026: Hardware Devices with Security Containers (HWSB) · CRA Compliance Guide
https://www.securevectors.com/wp-content/uploads/2026/06/螢幕擷取畫面-2026-06-18-160958-e1781770399559.png
471
853
cosmos lin
https://www.securevectors.com/wp-content/uploads/2024/02/logo.svg
cosmos lin2026-06-10 10:00:112026-06-30 17:50:56Who Protects Your Personal Privacy? — Understanding the ISO 27701 Privacy Information Management System
https://www.securevectors.com/wp-content/uploads/2026/06/640-1-e1781771368950.webp
312
508
cosmos lin
https://www.securevectors.com/wp-content/uploads/2024/02/logo.svg
cosmos lin2026-06-09 10:00:122026-06-30 17:47:16A Guide to Understanding Internal Auditors for System Certification
https://www.securevectors.com/wp-content/uploads/2026/06/640-1-e1781772781464.png
459
1080
cosmos lin
https://www.securevectors.com/wp-content/uploads/2024/02/logo.svg
cosmos lin2026-06-04 10:00:392026-07-01 13:56:07A Guide to Understanding ISO 27001 Information Security Management in the Medical Device Industry
https://www.securevectors.com/wp-content/uploads/2026/05/Design-03.png
1215
2430
Benson
https://www.securevectors.com/wp-content/uploads/2024/02/logo.svg
Benson2026-05-21 09:59:302026-07-03 10:30:24Why Your ASV Scan Keeps Failing: CVSS Thresholds, False Positives & What to Fix
https://www.securevectors.com/wp-content/uploads/2026/06/640-2-e1781774836513.webp
460
1080
cosmos lin
https://www.securevectors.com/wp-content/uploads/2024/02/logo.svg
cosmos lin2026-05-11 17:14:422026-06-30 17:43:33Understanding the ISO 13485 Medical Device Quality Management System in One Article
https://www.securevectors.com/wp-content/uploads/2026/06/cra-reporting-obligations.png
379
540
cosmos lin
https://www.securevectors.com/wp-content/uploads/2024/02/logo.svg
cosmos lin2026-04-10 17:54:032026-06-30 17:38:15Cybersecurity | Countdown to the EU’s New CRA Regulations: Mandatory Reporting of Cybersecurity Incidents Starting in September 2026!
https://www.securevectors.com/wp-content/uploads/2025/10/ENG-1-scaled.jpg
1919
2560
Andrew
https://www.securevectors.com/wp-content/uploads/2024/02/logo.svg
Andrew2025-10-21 14:10:182025-10-22 14:34:49Secure Vectors Accredited as a PCI DSS Approved Scanning Vendor (ASV)
https://www.securevectors.com/wp-content/uploads/2025/07/en-scaled.jpg
1919
2560
Andrew
https://www.securevectors.com/wp-content/uploads/2024/02/logo.svg
Andrew2025-07-15 11:28:552025-07-15 13:48:26🔒 Microsoft Issues Major Security Update – 130 Vulnerabilities Patched!*For more information and inquiries please kindly email us at service@securevectors.com , our experts will answer all your questions as soon as possible.

