diff options
Diffstat (limited to 'cve/published/2021/CVE-2021-47218.mbox')
-rw-r--r-- | cve/published/2021/CVE-2021-47218.mbox | 74 |
1 files changed, 74 insertions, 0 deletions
diff --git a/cve/published/2021/CVE-2021-47218.mbox b/cve/published/2021/CVE-2021-47218.mbox new file mode 100644 index 00000000..c3e58c0e --- /dev/null +++ b/cve/published/2021/CVE-2021-47218.mbox @@ -0,0 +1,74 @@ +From bippy-d175d3acf727 Mon Sep 17 00:00:00 2001 +From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +To: <linux-cve-announce@vger.kernel.org> +Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org> +Subject: CVE-2021-47218: selinux: fix NULL-pointer dereference when hashtab allocation fails +Message-Id: <2024041006-CVE-2021-47218-cdc8@gregkh> +Content-Length: 2321 +Lines: 57 +X-Developer-Signature: v=1; a=openpgp-sha256; l=2379; + i=gregkh@linuxfoundation.org; h=from:subject:message-id; + bh=FFCDFPYeNBVGAGudy5jsYCQjx5fwT/UwKAvtgP7upNM=; + b=owGbwMvMwCRo6H6F97bub03G02pJDGlij/R4Z1uxnuBTc1coEd/59d/ft11fOXMv7TV7piOe/ + mqRWNiLjlgWBkEmBlkxRZYv23iO7q84pOhlaHsaZg4rE8gQBi5OAZjIDCOGBZM2NH5wevqm6P+J + e8UTwvZccn1g+olhrhDbJ5tTHRabrv8VXzlzX5emtWnrHQA= +X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp; + fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29 + +Description +=========== + +In the Linux kernel, the following vulnerability has been resolved: + +selinux: fix NULL-pointer dereference when hashtab allocation fails + +When the hash table slot array allocation fails in hashtab_init(), +h->size is left initialized with a non-zero value, but the h->htable +pointer is NULL. This may then cause a NULL pointer dereference, since +the policydb code relies on the assumption that even after a failed +hashtab_init(), hashtab_map() and hashtab_destroy() can be safely called +on it. Yet, these detect an empty hashtab only by looking at the size. + +Fix this by making sure that hashtab_init() always leaves behind a valid +empty hashtab when the allocation fails. + +The Linux kernel CVE team has assigned CVE-2021-47218 to this issue. + + +Affected and fixed versions +=========================== + + Issue introduced in 5.8 with commit 03414a49ad5f and fixed in 5.10.82 with commit b17dd53cac76 + Issue introduced in 5.8 with commit 03414a49ad5f and fixed in 5.15.5 with commit 83c8ab8503ad + Issue introduced in 5.8 with commit 03414a49ad5f and fixed in 5.16 with commit dc27f3c5d10c + +Please see https://www.kernel.org for a full list of currently supported +kernel versions by the kernel community. + +Unaffected versions might change over time as fixes are backported to +older supported kernel versions. The official CVE entry at + https://cve.org/CVERecord/?id=CVE-2021-47218 +will be updated if fixes are backported, please check that for the most +up to date information about this issue. + + +Affected files +============== + +The file(s) affected by this issue are: + security/selinux/ss/hashtab.c + + +Mitigation +========== + +The Linux kernel CVE team recommends that you update to the latest +stable kernel version for this, and many other bugfixes. Individual +changes are never tested alone, but rather are part of a larger kernel +release. Cherry-picking individual commits is not recommended or +supported by the Linux kernel community at all. If however, updating to +the latest release is impossible, the individual changes to resolve this +issue can be found at these commits: + https://git.kernel.org/stable/c/b17dd53cac769dd13031b0ca34f90cc65e523fab + https://git.kernel.org/stable/c/83c8ab8503adf56bf68dafc7a382f4946c87da79 + https://git.kernel.org/stable/c/dc27f3c5d10c58069672215787a96b4fae01818b |