CVE-2021-36086: Use After Free
First published: Thu Jul 01 2021(Updated: )
SELinux Project SELinux is vulnerable to a denial of service, caused by a use-after-free in cil_reset_classpermission . By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SELinux Project SELinux | ||
| Fedoraproject Fedora | =35 | |
| IBM QRadar SIEM | <=7.5.0 GA | |
| IBM QRadar SIEM | <=7.4.3 GA - 7.4.3 FP4 | |
| IBM QRadar SIEM | <=7.3.3 GA - 7.3.3 FP10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32177
- https://github.com/SELinuxProject/selinux/commit/c49a8ea09501ad66e799ea41b8154b6770fec2c8
- https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-536.yaml
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/204795
- https://www.ibm.com/support/pages/node/6574787 (Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2021-36086.
What is the severity of CVE-2021-36086?
The severity of CVE-2021-36086 is medium with a severity value of 6.2.
How does CVE-2021-36086 affect SELinux Project SELinux?
CVE-2021-36086 affects SELinux Project SELinux by causing a denial of service through a use-after-free in cil_reset_classpermission.
How can I fix CVE-2021-36086 for IBM QRadar SIEM version 7.5.0 GA?
You can fix CVE-2021-36086 for IBM QRadar SIEM version 7.5.0 GA by applying the patch available at this URL: [link].
How can I fix CVE-2021-36086 for IBM QRadar SIEM version 7.4.3 GA - 7.4.3 FP4?
You can fix CVE-2021-36086 for IBM QRadar SIEM version 7.4.3 GA - 7.4.3 FP4 by applying the patch available at this URL: [link].
How can I fix CVE-2021-36086 for IBM QRadar SIEM version 7.3.3 GA - 7.3.3 FP10?
You can fix CVE-2021-36086 for IBM QRadar SIEM version 7.3.3 GA - 7.3.3 FP10 by applying the patch available at this URL: [link].
What is the Common Weakness Enumeration (CWE) ID for CVE-2021-36086?
The Common Weakness Enumeration (CWE) ID for CVE-2021-36086 is 416.
- collector/nvd-index
- agent/references
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/remedy
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- agent/author
- agent/weakness
- agent/severity
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/selinux project
- canonical/selinux project selinux
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/35
- vendor/ibm
- canonical/ibm qradar siem
- version/ibm qradar siem/7.5.0 ga
- version/ibm qradar siem/7.4.3 ga - 7.4.3 fp4
- version/ibm qradar siem/7.3.3 ga - 7.3.3 fp10