CVE-2021-46971
perf/core: Fix unconditional security_locked_down() call
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
perf/core: Fix unconditional security_locked_down() call
Currently, the lockdown state is queried unconditionally, even though
its result is used only if the PERF_SAMPLE_REGS_INTR bit is set in
attr.sample_type. While that doesn't matter in case of the Lockdown LSM,
it causes trouble with the SELinux's lockdown hook implementation.
SELinux implements the locked_down hook with a check whether the current
task's type has the corresponding "lockdown" class permission
("integrity" or "confidentiality") allowed in the policy. This means
that calling the hook when the access control decision would be ignored
generates a bogus permission check and audit record.
Fix this by checking sample_type first and only calling the hook when
its result would be honored.
En el kernel de Linux, se resolvió la siguiente vulnerabilidad: perf/core: corrige la llamada incondicional a security_locked_down() Actualmente, el estado de bloqueo se consulta incondicionalmente, aunque su resultado se usa solo si el bit PERF_SAMPLE_REGS_INTR está establecido en attr.sample_type. Si bien eso no importa en el caso del Lockdown LSM, causa problemas con la implementación del gancho de bloqueo de SELinux. SELinux implementa el gancho lock_down comprobando si el tipo de tarea actual tiene el correspondiente permiso de clase de "bloqueo" ("integridad" o "confidencialidad") permitido en la política. Esto significa que llamar al enlace cuando se ignoraría la decisión de control de acceso genera una verificación de permisos y un registro de auditoría falsos. Solucione este problema verificando sample_type primero y solo llamando al gancho cuando se respete su resultado.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-02-27 CVE Reserved
- 2024-02-27 CVE Published
- 2024-02-28 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/b0c8fdc7fdb77586c3d1937050925b960743306e | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.4 < 5.4.117 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4 < 5.4.117" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.4 < 5.10.35 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4 < 5.10.35" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.4 < 5.11.19 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4 < 5.11.19" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.4 < 5.12.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4 < 5.12.2" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.4 < 5.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4 < 5.13" | en |
Affected
| ||||||