1192260 – (CVE-2021-43057) VUL-0: CVE-2021-43057: kernel-source-azure,kernel-source-rt,kernel-source: use-after-free in the SELinux handler for PTRACE_TRACEME

Bug 1192260 (CVE-2021-43057) - VUL-0: CVE-2021-43057: kernel-source-azure,kernel-source-rt,kernel-source: use-after-free in the SELinux handler for PTRACE_TRACEME

Summary: VUL-0: CVE-2021-43057: kernel-source-azure,kernel-source-rt,kernel-source: u...

Status:	RESOLVED FIXED

Alias:	CVE-2021-43057

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P5 - None Severity: Normal
Target Milestone:	---
Assignee:	Kernel Bugs
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/313716/
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2021-11-02 15:10 UTC by Gianluca Gabrielli
Modified:	2024-06-25 16:25 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Gianluca Gabrielli 2021-11-02 15:10:50 UTC

An issue was discovered in the Linux kernel before 5.14.8. A use-after-free in selinux_ptrace_traceme (aka the SELinux handler for PTRACE_TRACEME) could be used by local attackers to cause memory corruption and escalate privileges. This occurs because of an attempt to access the subjective credentials of another task.

Reference:
https://bugs.chromium.org/p/project-zero/issues/detail?id=2229

Upstream patch:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a3727a8bac0a9e77c70820655fd8715523ba3db7

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2019163
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43057
https://bugs.chromium.org/p/project-zero/issues/detail?id=2229
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43057
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.8
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a3727a8bac0a9e77c70820655fd8715523ba3db7

Comment 1 Gianluca Gabrielli 2021-11-02 15:12:06 UTC

Only SLE15-SP4 and stable contains the two offending commits (eb1231f73c4d, 1fb057dcde11) and also contains the fixing commit a3727a8bac0a9e77c70820655fd8715523ba3db7.

Comment 2 Takashi Iwai 2021-11-02 15:28:59 UTC

FYI, we usually update the patch reference tags.  So will do for SLE15-SP4 branch, at least.