Vulnerabilities > Selinux Project

DATE CVE VULNERABILITY TITLE RISK
2021-07-01 CVE-2021-36084 Use After Free vulnerability in multiple products
The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper).
local
low complexity
selinux-project fedoraproject CWE-416
3.3
2021-07-01 CVE-2021-36085 Use After Free vulnerability in multiple products
The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map).
local
low complexity
selinux-project fedoraproject CWE-416
3.3
2021-07-01 CVE-2021-36086 Use After Free vulnerability in multiple products
The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list).
local
low complexity
selinux-project fedoraproject CWE-416
3.3
2021-07-01 CVE-2021-36087 Out-of-bounds Read vulnerability in multiple products
The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow).
local
low complexity
selinux-project fedoraproject CWE-125
3.3
2018-03-02 CVE-2018-1063 Link Following vulnerability in multiple products
Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions.
local
low complexity
redhat selinux-project CWE-59
4.4
2017-07-21 CVE-2015-3170 7PK - Security Features vulnerability in Selinux Project Selinux
selinux-policy when sysctl fs.protected_hardlinks are set to 0 allows local users to cause a denial of service (SSH login prevention) by creating a hardlink to /etc/passwd from a directory named .config, and updating selinux-policy.
local
low complexity
selinux-project CWE-254
2.1
2017-01-19 CVE-2016-7545 Improper Access Control vulnerability in multiple products
SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.
8.8