ghsa-hmgx-rfwx-3mvq
Vulnerability from github
Published
2024-02-27 21:31
Modified
2024-02-27 21:31
Details

In the Linux kernel, the following vulnerability has been resolved:

perf/core: Fix unconditional security_locked_down() call

Currently, the lockdown state is queried unconditionally, even though its result is used only if the PERF_SAMPLE_REGS_INTR bit is set in attr.sample_type. While that doesn't matter in case of the Lockdown LSM, it causes trouble with the SELinux's lockdown hook implementation.

SELinux implements the locked_down hook with a check whether the current task's type has the corresponding "lockdown" class permission ("integrity" or "confidentiality") allowed in the policy. This means that calling the hook when the access control decision would be ignored generates a bogus permission check and audit record.

Fix this by checking sample_type first and only calling the hook when its result would be honored.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2021-46971"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-27T19:04:07Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/core: Fix unconditional security_locked_down() call\n\nCurrently, the lockdown state is queried unconditionally, even though\nits result is used only if the PERF_SAMPLE_REGS_INTR bit is set in\nattr.sample_type. While that doesn\u0027t matter in case of the Lockdown LSM,\nit causes trouble with the SELinux\u0027s lockdown hook implementation.\n\nSELinux implements the locked_down hook with a check whether the current\ntask\u0027s type has the corresponding \"lockdown\" class permission\n(\"integrity\" or \"confidentiality\") allowed in the policy. This means\nthat calling the hook when the access control decision would be ignored\ngenerates a bogus permission check and audit record.\n\nFix this by checking sample_type first and only calling the hook when\nits result would be honored.",
  "id": "GHSA-hmgx-rfwx-3mvq",
  "modified": "2024-02-27T21:31:27Z",
  "published": "2024-02-27T21:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46971"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/08ef1af4de5fe7de9c6d69f1e22e51b66e385d9b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4348d3b5027bc3ff6336368b6c60605d4ef8e1ce"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b246759284d6a2bc5b6f1009caeeb3abce2ec9ff"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c7b0208ee370b89d20486fae71cd9abb759819c1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f5809ca4c311b71bfaba6d13f4e39eab0557895e"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.