Unprivileged attackers can gain root privileges by exploiting a local privilege escalation (LPE) vulnerability in default configurations of the Linux Kernel’s filesystem layer on vulnerable devices.
As discovered by Qualys researchers, the LPE security flaw tracked as CVE-2021-33909 (dubbed Sequoia) is present in the filesystem layer used to manage user data, a feature universally used by all major (Linux) operating systems.
According to Qualys’ research, the vulnerability impacts all Linux kernel versions released since 2014.
Once successfully exploited on a vulnerable system, the attackers get full root privileges on default installations of many modern distributions.