Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2021-36085

Published: 1 July 2021

The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map).

From the Ubuntu Security Team

sbeattie> AppArmor is the default LSM in Ubuntu, issue only affects compilation of selinux policy sbeattie> trusty version predates the introduction of CIL

Priority

Low

Cvss 3 Severity Score

3.3

Score breakdown

Status

Package Release Status
libsepol
Launchpad, Ubuntu, Debian
focal
Released (3.0-1ubuntu0.1)
impish
Released (3.1-1ubuntu2.1)
jammy Not vulnerable
(3.3-1)
xenial
Released (2.4-2ubuntu0.1~esm1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
groovy Ignored
(end of life)
hirsute Ignored
(end of life)
trusty Not vulnerable
(code not present)
upstream
Released (3.3-1)
bionic
Released (2.7-1ubuntu0.1)
Patches:
upstream: https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba

Severity score breakdown

Parameter Value
Base score 3.3
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact Low
Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L