Your submission was sent successfully! Close

CVE-2021-36084

Published: 1 July 2021

The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper).

Notes

AuthorNote
sbeattie
AppArmor is the default LSM in Ubuntu, issue only affects
compilation of selinux policy
trusty version predates the introduction of CIL
Priority

Low

CVSS 3 base score: 3.3

Status

Package Release Status
libsepol
Launchpad, Ubuntu, Debian
bionic
Released (2.7-1ubuntu0.1)
focal
Released (3.0-1ubuntu0.1)
groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish
Released (3.1-1ubuntu2.1)
jammy Not vulnerable
(3.3-1)
trusty Not vulnerable
(code not present)
upstream
Released (3.3-1)
xenial
Released (2.4-2ubuntu0.1~esm1)
Patches:
upstream: https://github.com/SELinuxProject/selinux/commit/f34d3d30c8325e4847a6b696fe7a3936a8a361f3