This topic describes the cause of and solutions to the CVE-2021-33909 vulnerability in an Elastic Compute Service (ECS) instance that runs Alibaba Cloud Linux 2 or 3.
Problem description
The CVE-2021-33909 vulnerability exists in an ECS instance with the following configurations and may cause a system failure:
Alibaba Cloud Linux 2
Image: Alibaba Cloud Linux 2.1903 LTS 64-bit.
Kernel version: kernel-4.19.91-24.al7 or earlier.
Alibaba Cloud Linux 3
Image: Alibaba Cloud Linux 3.2104 64-bit.
Kernel version: kernel-5.10.60-7.al8 or earlier.
The following call stack information is displayed when a system failure occurs:
[ 415.961724] BUG: unable to handle kernel paging request at ffffb807c2f1aff6
[ 415.963259] PGD 42f53b067 P4D 42f53b067 PUD 0
[ 415.964201] Oops: 0002 [#1] SMP PTI
[ 415.965026] CPU: 5 PID: 1537 Comm: seq_poc Kdump: loaded Tainted: G W 4.19.91-23.al7.x86_64 #1
[ 415.967154] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 415.968353] RIP: 0010:__memcpy+0x12/0x20
[ 415.969187] Code: 48 c1 e2 20 48 09 c2 48 31 d3 e9 68 ff ff ff 90 90 90 90 90 90 90 90 90 66 66 90 66 90 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 c3 66 0f 1f 44 00 00 48 89 f8 48 89 d1 f3 a4
[ 415.973070] RSP: 0018:ffffb80802097dd8 EFLAGS: 00010202
[ 415.974159] RAX: ffffb807c2f1aff6 RBX: ffff8a85f9593450 RCX: 0000000000000001
[ 415.975638] RDX: 0000000000000002 RSI: ffffffff9b0c231c RDI: ffffb807c2f1aff6
[ 415.977097] RBP: ffffb80842f1b000 R08: ffffffff9b0c231c R09: 0000000000000001
[ 415.978563] R10: ffffe41e47d4fa80 R11: ffffe41e47d4fac0 R12: ffffffff9b0a9cc2
[ 415.980168] R13: ffff8a87a83eaa00 R14: ffffb80802097f10 R15: ffff8a87ad6de700
[ 415.981664] FS: 00007f9ef5d86740(0000) GS:ffff8a87afb40000(0000) knlGS:0000000000000000
[ 415.983464] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 415.984722] CR2: ffffb807c2f1aff6 CR3: 0000000279c40005 CR4: 00000000000606e0
[ 415.986253] Call Trace:
[ 415.986802] prepend+0x23/0x30
[ 415.987517] dentry_path+0x7e/0xa0
[ 415.988249] seq_dentry+0x36/0xa0
[ 415.988954] show_mountinfo+0x203/0x280
[ 415.989764] seq_read+0x14a/0x3d0
[ 415.990514] vfs_read+0x89/0x130
[ 415.991209] ksys_read+0x4a/0xc0
[ 415.991898] do_syscall_64+0x5b/0x1b0
[ 415.992661] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 415.993713] RIP: 0033:0x7f9ef5891a30
[ 415.994450] Code: 0b 31 c0 48 83 c4 08 e9 be fe ff ff 48 8d 3d c7 c3 09 00 e8 42 8c 02 00 66 90 83 3d 8d d5 2d 00 00 75 10 b8 00 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 de cc 01 00 48 89 04 24
[ 415.998217] RSP: 002b:00007f9ef5d84f78 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 415.999792] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f9ef5891a30
[ 416.001249] RDX: 0000000000000400 RSI: 0000000000603240 RDI: 0000000000000003
[ 416.002794] RBP: 00007f9ef5d84ff0 R08: 0000000000603240 R09: 00007f9ef58fcc30
[ 416.004310] R10: 00007f9ef5d849e0 R11: 0000000000000246 R12: 0000000000400c00
[ 416.005786] R13: 00007ffcf5fdd070 R14: 0000000000000000 R15: 0000000000000000
[ 416.007255] Modules linked in: sunrpc intel_rapl_msr intel_rapl_common iosf_mbi sb_edac crct10dif_pclmul crc32_pclmul mousedev ghash_clmulni_intel pcbc aesni_intel psmouse i2c_piix4 crypto_simd cryptd pcspkr glue_helper ip_tables ata_generic pata_acpi cirrus drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm ata_piix uhci_hcd drm crc32c_intel libata serio_raw i2c_core floppy
[ 416.014226] CR2: ffffb807c2f1aff6
[ 416.014952] ---[ end trace 558647d5169dc4e0 ]---
[ 416.015915] RIP: 0010:__memcpy+0x12/0x20
[ 416.016733] Code: 48 c1 e2 20 48 09 c2 48 31 d3 e9 68 ff ff ff 90 90 90 90 90 90 90 90 90 66 66 90 66 90 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 c3 66 0f 1f 44 00 00 48 89 f8 48 89 d1 f3 a4
[ 416.024072] RSP: 0018:ffffb80802097dd8 EFLAGS: 00010202
[ 416.026964] RAX: ffffb807c2f1aff6 RBX: ffff8a85f9593450 RCX: 0000000000000001
[ 416.030291] RDX: 0000000000000002 RSI: ffffffff9b0c231c RDI: ffffb807c2f1aff6
[ 416.033583] RBP: ffffb80842f1b000 R08: ffffffff9b0c231c R09: 0000000000000001
[ 416.036819] R10: ffffe41e47d4fa80 R11: ffffe41e47d4fac0 R12: ffffffff9b0a9cc2
[ 416.040063] R13: ffff8a87a83eaa00 R14: ffffb80802097f10 R15: ffff8a87ad6de700
[ 416.043332] FS: 00007f9ef5d86740(0000) GS:ffff8a87afb40000(0000) knlGS:0000000000000000
[ 416.046754] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 416.049766] CR2: ffffb807c2f1aff6 CR3: 0000000279c40005 CR4: 00000000000606e0
[ 416.052964] Kernel panic - not syncing: Fatal exception
Cause
The seq_buf_alloc function takes a 64-bit size_t (unsigned long) parameter. However, other kernel functions improperly cast this value to the int type, which truncates the 64-bit value to 32 bits. If exploited, this truncation vulnerability can lead to arbitrary code execution. It poses a risk of privilege escalation in a host environment and may result in host crashes or container escape in a container environment.
Solution
Run the following command to check the instance's kernel version:
uname -r
Use one of the following methods based on your operating system and kernel version:
Alibaba Cloud Linux 2
Warning: Kernel upgrades may cause compatibility and stability issues. Review the kernel features in the release notes for Alibaba Cloud Linux 2 and exercise caution when you upgrade the kernel version.
The restart operation temporarily stops the instance, which may interrupt running services and lead to data loss. Therefore, back up critical instance data and then restart the instance during off-peak hours.
For kernel versions earlier than 4.19.91-19.1.al7.x86_64, perform the following steps:
Upgrade to the latest kernel version.
sudo yum update kernel
Restart the instance for the new kernel version to take effect.
sudo reboot
(Optional) If the issue persists after you upgrade the kernel version, run the following command to install a live kernel patch:
sudo yum install -y kernel-hotfix-5956925-`uname -r | awk -F"-" '{print $NF}'`
For kernel versions from 4.19.91-19.1.al7.x86_64 (inclusive) to 4.19.91-24.al7.x86_64 (inclusive), run the following command to install a live kernel patch:
sudo yum install -y kernel-hotfix-5956925-`uname -r | awk -F"-" '{print $NF}'`
Alibaba Cloud Linux 3
Warning: Kernel upgrades may cause compatibility and stability issues. Review the kernel features in Release notes for Alibaba Cloud Linux 3 and exercise caution when you upgrade the kernel version.
The restart operation temporarily stops the instance, which may interrupt running services and lead to data loss. Therefore, back up critical instance data and then restart the instance during off-peak hours.
Upgrade to the latest kernel version.
sudo yum update kernel
Restart the instance for the new kernel version to take effect.
sudo reboot
(Optional) If the issue persists after you upgrade the kernel version, run the following command to install a live kernel patch:
sudo yum install -y kernel-hotfix-5956925-`uname -r | awk -F"-" '{print $NF}'`
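The version checks above can be scripted so that the right branch is chosen before any package is touched. The following is an added example, not part of the original Alibaba Cloud topic: it classifies a uname -r string against the thresholds stated on this page and builds the hotfix package name the same way the yum command does. The function names (rel_key, ver_cmp, triage, hotfix_pkg) and the sample release strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: pick the remediation branch this page gives for a kernel release.

# rel_key "4.19.91-19.1.al7.x86_64" -> "4 19 91 19 1" (numeric fields before ".alN")
rel_key() {
    printf '%s\n' "$1" | sed -E 's/^kernel-//; s/\.al[0-9]+.*$//; s/[.-]/ /g'
}

# ver_cmp A B -> prints -1, 0 or 1; missing trailing fields count as 0
ver_cmp() {
    awk -v a="$(rel_key "$1")" -v b="$(rel_key "$2")" 'BEGIN {
        n = split(a, x, " "); m = split(b, y, " ")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) { print -1; exit }
            if (x[i] + 0 > y[i] + 0) { print 1; exit }
        }
        print 0
    }'
}

# triage RELEASE -> upgrade-kernel | install-hotfix | not-listed | not-alinux
triage() {
    case "$1" in
        *.al7*)  # Alibaba Cloud Linux 2
            if [ "$(ver_cmp "$1" 4.19.91-19.1.al7)" -lt 0 ]; then
                echo upgrade-kernel
            elif [ "$(ver_cmp "$1" 4.19.91-24.al7)" -le 0 ]; then
                echo install-hotfix
            else
                echo not-listed      # newer than the affected range on this page
            fi ;;
        *.al8*)  # Alibaba Cloud Linux 3
            if [ "$(ver_cmp "$1" 5.10.60-7.al8)" -le 0 ]; then
                echo upgrade-kernel
            else
                echo not-listed
            fi ;;
        *) echo not-alinux ;;
    esac
}

# Same suffix derivation as the yum command on this page
hotfix_pkg() {
    printf 'kernel-hotfix-5956925-%s\n' "$(printf '%s\n' "$1" | awk -F- '{print $NF}')"
}

# Constructed sample release strings, followed by the running kernel
for r in 4.19.91-18.al7.x86_64 4.19.91-23.al7.x86_64 5.10.60-7.al8.x86_64 "$(uname -r)"; do
    printf '%-28s %s\n' "$r" "$(triage "$r")"
done
```

The comparison is done on the numeric fields rather than with sort -V, because sort -V orders 19.al7 after 19.1.al7, which would misplace kernels at the 4.19.91-19.1.al7 boundary.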