2019163 – (CVE-2021-43057) CVE-2021-43057 kernel: use-after-free in the SELinux handler for PTRACE_TRACEME

Bug 2019163 (CVE-2021-43057) - CVE-2021-43057 kernel: use-after-free in the SELinux handler for PTRACE_TRACEME

Summary: CVE-2021-43057 kernel: use-after-free in the SELinux handler for PTRACE_TRACEME

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2021-43057
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2008145 2019164 2020966 2021045
Blocks:	2019165
TreeView+	depends on / blocked

Reported:	2021-11-01 17:58 UTC by Guilherme de Almeida Suckevicz
Modified:	2022-05-17 11:45 UTC (History)
CC List:	45 users (show)
Fixed In Version:	kernel 5.15 rc3
Doc Type:	If docs needed, set a value
Doc Text:	A use-after-free read flaw was found in selinux_ptrace_traceme in security/selinux/hooks.c in SELinux handler for PTRACE_TRACEME in the Linux kernel. In this flaw, an attempt to access the subjective credentials of another task may cause memory corruption by a user with local access and escalate privileges.
Clone Of:
Environment:
Last Closed:	2022-05-17 11:45:18 UTC
Embargoed:

Attachments	(Terms of Use)

Description Guilherme de Almeida Suckevicz 2021-11-01 17:58:02 UTC

An issue was discovered in the Linux kernel before 5.14.8. A use-after-free in selinux_ptrace_traceme (aka the SELinux handler for PTRACE_TRACEME) could be used by local attackers to cause memory corruption and escalate privileges. This occurs because of an attempt to access the subjective credentials of another task.

Reference:
https://bugs.chromium.org/p/project-zero/issues/detail?id=2229

Upstream patch:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a3727a8bac0a9e77c70820655fd8715523ba3db7

Comment 1 Guilherme de Almeida Suckevicz 2021-11-01 17:58:46 UTC

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2019164]

Comment 2 Justin M. Forbes 2021-11-02 20:51:22 UTC

This was fixed for Fedora with the 5.14.8 stable kernel updates.

Comment 9 Product Security DevOps Team 2022-05-17 11:45:15 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-43057

Note You need to log in before you can comment on or make changes to this bug.

acaringi
adscvr
airlied
alciregi
bdettelb
bhu
blc
brdeoliv
bskeggs
chwhite
crwood
dhoward
dvlasenk
fhrbata
fpacheco
hdegoede
hkrzesin
jarod
jarodwilson
jburrell
jeremy
jforbes
jglisse
jlelli
jonathan
josef
jshortt
jstancek
jwboyer
kcarcia
kernel-maint
kernel-mgr
lgoncalv
linville
masami256
mchehab
mlangsdo
nmurray
ptalbert
qzhao
rvrbovsk
steved
vkumar
walters
williams