ISN 2021-04: IGEL OS Kernel Privilege Escalation

Announced 23 July 2021

Updated 23 September 2021 (IGEL OS 11.06.100 is now available)

CVSS 3.1 Score: 7.8 (High)

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Summary

A local privilege escalation vulnerability affects the following IGEL products:

  • IGEL OS 11

  • IGEL OS 10

Details

A research team from Qualys has discovered a vulnerability in the Linux kernel’s filesystem layer (CVE-2021-33909). An unprivileged local user can use it to gain root privileges.

Update Instructions

  • IGEL OS 11: Upgrade to IGEL OS 11.06.100

  • IGEL OS 10: Upgrade to IGEL OS 11

Mitigation

  • Disable terminal access for the user, see IGEL OS Articles > Security > Security IGEL OS Endpoints > Disabling Access to Components > Disabling Local Terminal Access.

  • Disable virtual console access, see IGEL OS Articles > Security > Security IGEL OS Endpoints > Disabling Access to Components > Disabling Virtual Console Access.

  • As the attack relies on mounting user-controlled filesystems, disable mounting of filesystems by the user:

    • Disable storage hotplug (disabled by default), see IGEL OS Articles > Security > Security IGEL OS Endpoints > Minimizing the Attack Surface > Disabling Storage Hotplug.

    • Remove the Mobile Device Access USB feature (removed by default), see IGEL OS Articles > Security > Security IGEL OS Endpoints > Minimizing Attack Surface > Removing Unused Features.

  • Qualys has published mitigations for the specific exploit that their researchers used (other exploitation techniques may exist): https://blog.qualys.com/vulnerabilities-threat-research/2021/07/20/sequoia-a-local-privilege-escalation-vulnerability-in-linuxs-filesystem-layer-cve-2021-33909
