CVE-2021-36087
Description
The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block.
Risk Information
Base Score
3.3
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
EPSS Score
Exploitation Probability
0.015
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| (RHSA-2021:4513) libsepol security update libsepol-debugsource-2.9-3.el8.i686.rpm | Linux |
| (RHSA-2021:4513) libsepol security update libsepol-debugsource-2.9-3.el8.x86_64.rpm | Linux |
| (RHSA-2021:4513) libsepol security update libsepol-2.9-3.el8.i686.rpm | Linux |
| (RHSA-2021:4513) libsepol security update libsepol-2.9-3.el8.x86_64.rpm | Linux |
| (RHSA-2021:4513)Moderate: security update libsepol-debuginfo-2.9-3.el8.i686.rpm | Linux |
| (RHSA-2021:4513)Moderate: security update libsepol-debuginfo-2.9-3.el8.x86_64.rpm | Linux |
| (RHSA-2021:4513) libsepol security update libsepol-devel-2.9-3.el8.i686.rpm | Linux |
| (RHSA-2021:4513) libsepol security update libsepol-devel-2.9-3.el8.x86_64.rpm | Linux |
| SELinux library for manipulating binary security policies (USN-5391-1) libsepol1_2.7-1ubuntu0.1_i386.deb | Linux |
| SELinux library for manipulating binary security policies (USN-5391-1) libsepol1_2.7-1ubuntu0.1_amd64.deb | Linux |
| SELinux library for manipulating binary security policies (USN-5391-1) libsepol1_3.0-1ubuntu0.1_i386.deb | Linux |
| SELinux library for manipulating binary security policies (USN-5391-1) libsepol1_3.0-1ubuntu0.1_amd64.deb | Linux |
| SELinux library for manipulating binary security policies (USN-5391-1) libsepol1_3.1-1ubuntu2.1_i386.deb | Linux |
| SELinux library for manipulating binary security policies (USN-5391-1) libsepol1_3.1-1ubuntu2.1_amd64.deb | Linux |
| SELinux library for manipulating binary security policies (USN-5391-1) sepol-utils_2.7-1ubuntu0.1_i386.deb | Linux |
| SELinux library for manipulating binary security policies (USN-5391-1) sepol-utils_2.7-1ubuntu0.1_amd64.deb | Linux |
| SELinux library for manipulating binary security policies (USN-5391-1) sepol-utils_3.0-1ubuntu0.1_i386.deb | Linux |
| SELinux library for manipulating binary security policies (USN-5391-1) sepol-utils_3.0-1ubuntu0.1_amd64.deb | Linux |
| SELinux library for manipulating binary security policies (USN-5391-1) sepol-utils_3.1-1ubuntu2.1_i386.deb | Linux |
| SELinux library for manipulating binary security policies (USN-5391-1) sepol-utils_3.1-1ubuntu2.1_amd64.deb | Linux |
| libsepol security update (RLSA-2021:4513) libsepol-2.9-3.el8.i686.rpm | Linux |
| libsepol security update (RLSA-2021:4513) libsepol-2.9-3.el8.x86_64.rpm | Linux |
| libsepol security update (RLSA-2021:4513) libsepol-devel-2.9-3.el8.i686.rpm | Linux |
| libsepol security update (RLSA-2021:4513) libsepol-devel-2.9-3.el8.x86_64.rpm | Linux |
| libsepol Security Update (ALAS-2023-017) libsepol-3.4-3.amzn2023.0.3.x86_64.rpm | Linux |
| libsepol Security Update (ALAS-2023-017) libsepol-devel-3.4-3.amzn2023.0.3.x86_64.rpm | Linux |
| libsepol Security Update (ALAS-2023-017) libsepol-utils-3.4-3.amzn2023.0.3.x86_64.rpm | Linux |
| libsepol Security Update (ALAS-2023-017) libsepol-static-3.4-3.amzn2023.0.3.x86_64.rpm | Linux |
| libsepol Security Update (ALAS-2023-2307) libsepol-2.5-10.amzn2.0.1.i686.rpm | Linux |
| libsepol Security Update (ALAS-2023-2307) libsepol-2.5-10.amzn2.0.1.x86_64.rpm | Linux |
| libsepol Security Update (ALAS-2023-2307) libsepol-devel-2.5-10.amzn2.0.1.x86_64.rpm | Linux |
| libsepol Security Update (ALAS-2023-2307) libsepol-static-2.5-10.amzn2.0.1.x86_64.rpm | Linux |
| Moderate: libsepol security update libsepol-2.9-3.el8.i686.rpm | Linux |
| Moderate: libsepol security update libsepol-2.9-3.el8.x86_64.rpm | Linux |
| Moderate: libsepol security update libsepol-devel-2.9-3.el8.i686.rpm | Linux |
| Moderate: libsepol security update libsepol-devel-2.9-3.el8.x86_64.rpm | Linux |
| libsepol Security Update (ALAS2-2023-2307) libsepol-2.5-10.amzn2.0.1.i686.rpm | Linux |
| libsepol Security Update (ALAS2-2023-2307) libsepol-2.5-10.amzn2.0.1.x86_64.rpm | Linux |
| libsepol Security Update (ALAS2-2023-2307) libsepol-devel-2.5-10.amzn2.0.1.x86_64.rpm | Linux |
| libsepol Security Update (ALAS2-2023-2307) libsepol-static-2.5-10.amzn2.0.1.x86_64.rpm | Linux |
| libsepol Security Update (ALAS2023-2023-017) libsepol-3.4-3.amzn2023.0.3.x86_64.rpm | Linux |
| libsepol Security Update (ALAS2023-2023-017) libsepol-devel-3.4-3.amzn2023.0.3.x86_64.rpm | Linux |
| libsepol Security Update (ALAS2023-2023-017) libsepol-static-3.4-3.amzn2023.0.3.x86_64.rpm | Linux |
| libsepol Security Update (ALAS2023-2023-017) libsepol-utils-3.4-3.amzn2023.0.3.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234