1979666 – (CVE-2021-36086) CVE-2021-36086 libsepol: use-after-free in cil_reset_classpermission()

Bug 1979666 (CVE-2021-36086) - CVE-2021-36086 libsepol: use-after-free in cil_reset_classpermission()

Summary: CVE-2021-36086 libsepol: use-after-free in cil_reset_classpermission()

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2021-36086
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	2184112 (view as bug list)
Depends On:	1979667 1983523 1983524 1983525 1983527 1984931
Blocks:	1979670
TreeView+	depends on / blocked

Reported:	2021-07-06 16:54 UTC by Guilherme de Almeida Suckevicz
Modified:	2023-04-18 15:07 UTC (History)
CC List:	12 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-11-10 00:23:51 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2021:4513	0	None	None	None	2021-11-09 19:03:36 UTC

Description Guilherme de Almeida Suckevicz 2021-07-06 16:54:38 UTC

The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list).

References:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32177
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-536.yaml

Upstream patch:
https://github.com/SELinuxProject/selinux/commit/c49a8ea09501ad66e799ea41b8154b6770fec2c8

Comment 1 Guilherme de Almeida Suckevicz 2021-07-06 16:54:57 UTC

Created libsepol tracking bugs for this issue:

Affects: fedora-all [bug 1979667]

Comment 4 Garrett Tucker 2021-07-26 13:53:50 UTC

selinux/libsepol is mostly local access and to perform this attack would require local access as compared to network access. An attacker would also require some form of privileges to write the policy file and compile the CIL. The availability impact is also low as this flaw would not cause a system wide or complete lack of availability. Instead the attack would only impact availability of selinux temporarily.

Comment 5 errata-xmlrpc 2021-11-09 19:03:34 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:4513 https://access.redhat.com/errata/RHSA-2021:4513

Comment 6 Product Security DevOps Team 2021-11-10 00:23:48 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-36086

Comment 7 Guilherme de Almeida Suckevicz 2023-04-18 15:02:07 UTC

*** Bug 2184112 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.