CVE-2021-36085: Use After Free
First published: Thu Jul 01 2021(Updated: )
SELinux Project SELinux is vulnerable to a denial of service, caused by a use-after-free in __cil_verify_classperms. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SELinux Project SELinux | =3.2 | |
| Fedoraproject Fedora | =35 | |
| IBM QRadar SIEM | <=7.5.0 GA | |
| IBM QRadar SIEM | <=7.4.3 GA - 7.4.3 FP4 | |
| IBM QRadar SIEM | <=7.3.3 GA - 7.3.3 FP10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31124
- https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba
- https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-421.yaml
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/204794
- https://www.ibm.com/support/pages/node/6574787 (Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/
Frequently Asked Questions
What is CVE-2021-36085?
CVE-2021-36085 is a vulnerability in SELinux Project SELinux that allows a local attacker to cause a denial of service.
What is the severity of CVE-2021-36085?
CVE-2021-36085 has a severity rating of 6.2 (Medium).
How can CVE-2021-36085 be exploited?
CVE-2021-36085 can be exploited by sending a specially-crafted request to trigger a use-after-free vulnerability in __cil_verify_classperms.
Which software is affected by CVE-2021-36085?
IBM QRadar SIEM versions 7.5.0 GA, 7.4.3 GA - 7.4.3 FP4, and 7.3.3 GA - 7.3.3 FP10 are affected by CVE-2021-36085.
How can I patch the vulnerability CVE-2021-36085?
You can patch the vulnerability by applying the following patches provided by IBM: For QRadar SIEM version 7.5.0 GA: [Patch Link](https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=All&platform=Linux&function=fixId&fixids=7.5.0-QRADAR-QRSIEM-20220215133427&includeRequisites=1&includeSupersedes=0&downloadMethod=http&login=true), For QRadar SIEM version 7.4.3 GA - 7.4.3 FP4: [Patch Link](https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=All&platform=Linux&function=fixId&fixids=7.4.3-QRADAR-QRSIEM-20220307203834&includeRequisites=1&includeSupersedes=0&downloadMethod=http), For QRadar SIEM version 7.3.3 GA - 7.3.3 FP10: [Patch Link](https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+Vulnerability+Manager&release=All&platform=All&function=fixId&fixids=7.3.3-QRADAR-QRSIEM-20220318161607&includeRequisites=1&includeSupersedes=0&downloadMethod=http&source=SAR).
- collector/nvd-index
- agent/references
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/remedy
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- agent/author
- agent/weakness
- agent/severity
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/selinux project
- canonical/selinux project selinux
- version/selinux project selinux/3.2
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/35
- vendor/ibm
- canonical/ibm qradar siem
- version/ibm qradar siem/7.5.0 ga
- version/ibm qradar siem/7.4.3 ga - 7.4.3 fp4
- version/ibm qradar siem/7.3.3 ga - 7.3.3 fp10