Miggo Logo
Miggo Vulnerability Database
CVE-2021-36084

CVE-2021-36084: The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from...

3.3

CVSS Score
3.1

Basic Information

CVE ID
CVE-2021-36084
GHSA ID
GHSA-8p9r-xrm6-68wq
EPSS Score
0.02525%
CWE
CWE-416
Published
5/24/2022
Updated
1/30/2023
KEV Status
No
Technology
-

Technical Details

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The analysis is based on the provided commit information (f34d3d30c8325e4847a6b696fe7a3936a8a361f3). The commit message explicitly identifies a heap-use-after-free in __cil_verify_classperms and provides a stack trace. The vulnerability occurs because cil_reset_classpermission did not properly destroy the classperms list, which __cil_verify_classperms later attempts to use. The patch modifies cil_reset_classpermission to correctly handle the list destruction. The functions __cil_verify_classpermission and __cil_pre_verify_helper are identified as callers in the stack trace leading to the vulnerable function.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

T** *IL *ompil*r in S*Linux *.* **s * us*-**t*r-*r** in __*il_v*ri*y_*l*ssp*rms (**ll** *rom __*il_v*ri*y_*l*ssp*rmission *n* __*il_pr*_v*ri*y_**lp*r).

Reasoning

T** *n*lysis is **s** on t** provi*** *ommit in*orm*tion (****************************************). T** *ommit m*ss*** *xpli*itly i**nti*i*s * ***p-us*-**t*r-*r** in `__*il_v*ri*y_*l*ssp*rms` *n* provi**s * st**k tr***. T** vuln*r**ility o**urs ****