Announced 23 July 2021

Updated 23 September 2021 (IGEL OS 11.06.100 is now available)

CVSS 3.1 Score: 7.8 (High)

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Summary

A local privilege escalation vulnerability affects the following IGEL products:

  • IGEL OS 11
  • IGEL OS 10

Details

A research team from Qualys has discovered a vulnerability in the Linux kernel’s filesystem layer (CVE-2021-33909). An unprivileged local user can use it to gain root privileges.

Update Instructions

  • IGEL OS 11: Upgrade to IGEL OS 11.06.100
  • IGEL OS 10: Upgrade to IGEL OS 11

Mitigation

References