SB2021070130 - Multiple vulnerabilities in SELinux
Published: July 1, 2021 Updated: April 27, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Use-after-free (CVE-ID: CVE-2021-36084)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the __cil_verify_classperms() function in CIL compiler in SELinux. A local user can perform a denial of service (DoS) attack.
2) Out-of-bounds read (CVE-ID: CVE-2021-36087)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the ebitmap_match_any() function within the CIL compiler in SELinux. A local user can trigger an out-of-bounds read error and perform denial of service attack.
3) Use-after-free (CVE-ID: CVE-2021-36086)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the cil_reset_classpermission() function in CIL compiler in SELinux. A local user can perform a denial of service (DoS) attack.4) Use-after-free (CVE-ID: CVE-2021-36085)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the __cil_verify_classperms() function in CIL compiler in SELinux. A local user can perform a denial of service (DoS) attack.Remediation
Install update from vendor's website.
References
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31065
- https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-417.yaml
- https://github.com/SELinuxProject/selinux/commit/f34d3d30c8325e4847a6b696fe7a3936a8a361f3
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/
- https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-585.yaml
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32675
- https://lore.kernel.org/selinux/CAEN2sdqJKHvDzPnxS-J8grU8fSf32DDtx=kyh84OsCq_Vm+yaQ@mail.gmail.com/T/
- https://github.com/SELinuxProject/selinux/commit/340f0eb7f3673e8aacaf0a96cbfcd4d12a405521
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32177
- https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-536.yaml
- https://github.com/SELinuxProject/selinux/commit/c49a8ea09501ad66e799ea41b8154b6770fec2c8
- https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-421.yaml
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31124
- https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba