An issue was discovered in the Linux kernel before 5.14.8. A use-after-free in selinux_ptrace_traceme (aka the SELinux handler for PTRACE_TRACEME) could be used by local attackers to cause memory corruption and escalate privileges. This occurs because of an attempt to access the subjective credentials of another task. Reference: https://bugs.chromium.org/p/project-zero/issues/detail?id=2229 Upstream patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a3727a8bac0a9e77c70820655fd8715523ba3db7
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2019164]
This was fixed for Fedora with the 5.14.8 stable kernel updates.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-43057