CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 1CVE-2021-36087 – libsepol: heap-based buffer overflow in ebitmap_match_any()
https://notcve.org/view.php?id=CVE-2021-36087
01 Jul 2021 — The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block. El compilador CIL en SELinux 3.2 tiene una sobrelectura del búfer basada en el montón en ebitmap_match_any (llamado indirectamente desde cil_check_neverallow). Esto ocurre porque a veces no se comprueban las declaraciones no válidas en un bloque opcional Red Hat Advanced Clust... • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32675 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 1CVE-2021-36086 – libsepol: use-after-free in cil_reset_classpermission()
https://notcve.org/view.php?id=CVE-2021-36086
01 Jul 2021 — The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list). El compilador CIL en SELinux versión 3.2, presenta un uso de la memoria previamente liberada en la función cil_reset_classpermission (llamado desde cil_reset_classperms_set y cil_reset_classperms_list) Red Hat Advanced Cluster Management for Kubernetes 2.2.10 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address commo... • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32177 • CWE-416: Use After Free •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 1CVE-2021-36085 – libsepol: use-after-free in __cil_verify_classperms()
https://notcve.org/view.php?id=CVE-2021-36085
01 Jul 2021 — The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map). El compilador CIL en SELinux versión 3.2, presenta un uso de la memoria previamente liberada en la función __cil_verify_classperms (llamado desde __verify_map_perm_classperms y hashtab_map) Red Hat Advanced Cluster Management for Kubernetes 2.2.10 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that admini... • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31124 • CWE-416: Use After Free •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 1CVE-2021-36084 – libsepol: use-after-free in __cil_verify_classperms()
https://notcve.org/view.php?id=CVE-2021-36084
01 Jul 2021 — The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper). El compilador CIL en SELinux versión 3.2,, presenta un uso de la memoria previamente liberada en la función __cil_verify_classperms (llamado desde __cil_verify_classpermission y __cil_pre_verify_helper) Red Hat Advanced Cluster Management for Kubernetes 2.2.10 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address comm... • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31065 • CWE-416: Use After Free •
CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1063 – policycoreutils: Relabelling of symbolic links in /tmp and /var/tmp change the context of their target instead
https://notcve.org/view.php?id=CVE-2018-1063
02 Mar 2018 — Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing). The issue was found in policycoreutils 2.5-11. El reetiquetado de contexto de sistemas de archivos es vulnerable a ataques de enlace simbólico, lo que permite que u... • https://access.redhat.com/errata/RHSA-2018:0913 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-282: Improper Ownership Management •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3170
https://notcve.org/view.php?id=CVE-2015-3170
21 Jul 2017 — selinux-policy when sysctl fs.protected_hardlinks are set to 0 allows local users to cause a denial of service (SSH login prevention) by creating a hardlink to /etc/passwd from a directory named .config, and updating selinux-policy. La política selinux cuando fs.protected_hardlinks de sysctl se ajusta en 0 permite a los usuarios locales causar una denegación de servicio (prevención de inicio de sesión SSH) creando un enlace físico a /etc/passwd desde un directorio llamado .config y actualizando la política ... • https://bugzilla.redhat.com/show_bug.cgi?id=1218672 • CWE-254: 7PK - Security Features •
CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 0CVE-2016-7545 – policycoreutils: SELinux sandbox escape via TIOCSTI ioctl
https://notcve.org/view.php?id=CVE-2016-7545
14 Nov 2016 — SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. SELinux policycoreutils permite a usuarios locales ejecutar comandos arbitrarios fuera de la sandbox a través de una llamada ioctl TIOCSTI manipulada. It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context ... • http://rhn.redhat.com/errata/RHSA-2016-2702.html • CWE-284: Improper Access Control •