CVE-2021-46971

In the Linux kernel, the following vulnerability has been resolved:

perf/core: Fix unconditional security_locked_down() call

Currently, the lockdown state is queried unconditionally, even though its result is used only if the PERF_SAMPLE_REGS_INTR bit is set in attr.sample_type. While that doesn't matter in case of the Lockdown LSM, it causes trouble with the SELinux's lockdown hook implementation.

SELinux implements the locked_down hook with a check whether the current task's type has the corresponding "lockdown" class permission ("integrity" or "confidentiality") allowed in the policy. This means that calling the hook when the access control decision would be ignored generates a bogus permission check and audit record.

Fix this by checking sample_type first and only calling the hook when its result would be honored.
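The check ordering described above, as an added userspace C model (not kernel source and not part of the original record). Every identifier is a hypothetical stand-in, and the modelled hook is assumed to deny and log one audit record whenever the policy lacks the permission.

```c
#include <stdint.h>
#include <stdio.h>

/* Userspace model only: all names are hypothetical, none of this is kernel source. */
#define MODEL_SAMPLE_REGS_INTR (1u << 0) /* stands in for PERF_SAMPLE_REGS_INTR */
#define MODEL_SAMPLE_OTHER     (1u << 1) /* a sample_type bit needing no lockdown check */
#define MODEL_EPERM            (-1)
typedef int (*open_fn_t)(uint64_t);

static int policy_allows; /* 1 if policy grants the "lockdown" class permission */
static int audit_records; /* denials logged by the modelled SELinux-style hook */

/* SELinux-style hook: every call is a real permission check, denials are audited. */
static int model_locked_down(void)
{
    if (policy_allows)
        return 0;
    audit_records++;
    return MODEL_EPERM;
}

/* Before the fix: the hook runs first, its result matters only with REGS_INTR. */
static int open_before_fix(uint64_t sample_type)
{
    int err = model_locked_down();
    if (err && (sample_type & MODEL_SAMPLE_REGS_INTR))
        return err;
    return 0;
}

/* After the fix: test sample_type first, call the hook only when it is honored. */
static int open_after_fix(uint64_t sample_type)
{
    if (sample_type & MODEL_SAMPLE_REGS_INTR) {
        int err = model_locked_down();
        if (err)
            return err;
    }
    return 0;
}

/* Helpers: run one open against a denying policy, report result or audit count. */
static int result_when_denied(open_fn_t fn, uint64_t st) { policy_allows = 0; audit_records = 0; return fn(st); }
static int audits_when_denied(open_fn_t fn, uint64_t st) { result_when_denied(fn, st); return audit_records; }

int main(void)
{
    printf("no REGS_INTR, before fix: ret=%d audits=%d\n", result_when_denied(open_before_fix, MODEL_SAMPLE_OTHER), audits_when_denied(open_before_fix, MODEL_SAMPLE_OTHER));
    printf("no REGS_INTR, after fix:  ret=%d audits=%d\n", result_when_denied(open_after_fix, MODEL_SAMPLE_OTHER), audits_when_denied(open_after_fix, MODEL_SAMPLE_OTHER));
    return 0;
}
```

In the pre-fix ordering the open succeeds yet still leaves a denial in the audit log, which is the record an operator triaging SELinux denials would otherwise chase.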
Configurations

Configuration 1

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

08 Jan 2025, 17:26

Type | Values Removed | Values Added
CVSS | v2 : unknown; v3 : unknown | v2 : unknown; v3 : 3.3
First Time | | Linux; Linux linux Kernel
CWE | | NVD-CWE-noinfo
CPE | | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
References | () https://git.kernel.org/stable/c/08ef1af4de5fe7de9c6d69f1e22e51b66e385d9b - | () https://git.kernel.org/stable/c/08ef1af4de5fe7de9c6d69f1e22e51b66e385d9b - Patch
References | () https://git.kernel.org/stable/c/4348d3b5027bc3ff6336368b6c60605d4ef8e1ce - | () https://git.kernel.org/stable/c/4348d3b5027bc3ff6336368b6c60605d4ef8e1ce - Patch
References | () https://git.kernel.org/stable/c/b246759284d6a2bc5b6f1009caeeb3abce2ec9ff - | () https://git.kernel.org/stable/c/b246759284d6a2bc5b6f1009caeeb3abce2ec9ff - Patch
References | () https://git.kernel.org/stable/c/c7b0208ee370b89d20486fae71cd9abb759819c1 - | () https://git.kernel.org/stable/c/c7b0208ee370b89d20486fae71cd9abb759819c1 - Patch
References | () https://git.kernel.org/stable/c/f5809ca4c311b71bfaba6d13f4e39eab0557895e - | () https://git.kernel.org/stable/c/f5809ca4c311b71bfaba6d13f4e39eab0557895e - Patch

21 Nov 2024, 06:35

Type | Values Removed | Values Added
References | () https://git.kernel.org/stable/c/08ef1af4de5fe7de9c6d69f1e22e51b66e385d9b - | () https://git.kernel.org/stable/c/08ef1af4de5fe7de9c6d69f1e22e51b66e385d9b -
References | () https://git.kernel.org/stable/c/4348d3b5027bc3ff6336368b6c60605d4ef8e1ce - | () https://git.kernel.org/stable/c/4348d3b5027bc3ff6336368b6c60605d4ef8e1ce -
References | () https://git.kernel.org/stable/c/b246759284d6a2bc5b6f1009caeeb3abce2ec9ff - | () https://git.kernel.org/stable/c/b246759284d6a2bc5b6f1009caeeb3abce2ec9ff -
References | () https://git.kernel.org/stable/c/c7b0208ee370b89d20486fae71cd9abb759819c1 - | () https://git.kernel.org/stable/c/c7b0208ee370b89d20486fae71cd9abb759819c1 -
References | () https://git.kernel.org/stable/c/f5809ca4c311b71bfaba6d13f4e39eab0557895e - | () https://git.kernel.org/stable/c/f5809ca4c311b71bfaba6d13f4e39eab0557895e -

28 Feb 2024, 14:06

Type | Values Removed | Values Added
Summary | |
  • (es) In the Linux kernel, the following vulnerability was resolved: perf/core: fix the unconditional call to security_locked_down() Currently, the lockdown state is queried unconditionally, even though its result is used only if the PERF_SAMPLE_REGS_INTR bit is set in attr.sample_type. While that does not matter in the case of the Lockdown LSM, it causes problems with SELinux's lockdown hook implementation. SELinux implements the locked_down hook by checking whether the current task's type has the corresponding "lockdown" class permission ("integrity" or "confidentiality") allowed in the policy. This means that calling the hook when the access control decision would be ignored generates a bogus permission check and audit record. Fix this problem by checking sample_type first and only calling the hook when its result would be honored.

27 Feb 2024, 19:04

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2024-02-27 19:04

Updated : 2025-01-08 17:26


NVD link : CVE-2021-46971

Mitre link : CVE-2021-46971

CVE.ORG link : CVE-2021-46971



Products Affected

linux

  • linux_kernel