PT-2021-3701 · Linux+2 · Linux Kernel+2

Nayna · Published 2021-06-22 · Updated 2023-05-16 · CVE-2021-35039

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 5.12.14

Description

The issue is related to the mishandling of Signature Verification in the Linux kernel. This could allow an attacker to impact the confidentiality, integrity, and availability of protected information. The problem occurs when the module.sig_enforce=1 command-line argument is used without CONFIG_MODULE_SIG, resulting in a lack of verification that a kernel module is signed before loading it via init_module.

Recommendations

For Linux kernel versions prior to 5.12.14, update to version 5.12.14 or later to resolve the issue. As a temporary workaround, consider enabling CONFIG_MODULE_SIG to ensure signature verification for kernel modules. Restrict the use of the module.sig_enforce=1 command-line argument until the update is applied.
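
A host-side check for the condition described above, added here as an example and not taken from the advisory or the kernel project. It assumes the release string follows upstream numbering (distribution kernels that backport the fix will still report an older number), that the config text comes from /boot/config-$(uname -r) or /proc/config.gz, and a hypothetical script name check.sh.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a host against the
# CVE-2021-35039 condition. Inputs are strings so it runs on constructed data.

# True if the upstream release in $1 is older than 5.12.14.
kernel_older_than_fix() {
    base=${1%%[!0-9.]*}              # "5.10.0-8-amd64" -> "5.10.0"
    old_ifs=$IFS; IFS=.
    set -- $base                     # split on dots into $1 $2 $3
    IFS=$old_ifs
    maj=${1:-0}; min=${2:-0}; pat=${3:-0}
    [ "$maj" -lt 5 ] && return 0
    [ "$maj" -gt 5 ] && return 1
    [ "$min" -lt 12 ] && return 0
    [ "$min" -gt 12 ] && return 1
    [ "$pat" -lt 14 ]
}

# True if the boot command line in $1 carries module.sig_enforce=1.
cmdline_requests_enforce() {
    case " $1 " in
        *" module.sig_enforce=1 "*) return 0 ;;
    esac
    return 1
}

# True if the kernel config text in $1 has CONFIG_MODULE_SIG=y as a whole
# line (CONFIG_MODULE_SIG_ALL and "is not set" comments do not count).
config_has_module_sig() {
    printf '%s\n' "$1" | grep -qx 'CONFIG_MODULE_SIG=y'
}

# Args: release, cmdline, config text. Prints one verdict word.
classify_sig_enforce() {
    if ! cmdline_requests_enforce "$2"; then echo not-requested; return 0; fi
    if config_has_module_sig "$3"; then echo config-present; return 0; fi
    # Enforcement was requested but CONFIG_MODULE_SIG is absent.
    if kernel_older_than_fix "$1"; then echo affected; return 0; fi
    echo fixed-release
}

# Check the live host only when run as: sh check.sh --host
if [ "${1:-}" = "--host" ]; then
    cfg=$(cat "/boot/config-$(uname -r)" 2>/dev/null || zcat /proc/config.gz)
    classify_sig_enforce "$(uname -r)" "$(cat /proc/cmdline)" "$cfg"
fi
```

A verdict of affected means the command line asks for enforcement on a pre-5.12.14 release built without CONFIG_MODULE_SIG, which is the combination the description names.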

Fix

Improper Verification of Cryptographic Signature

Weakness Enumeration

Related Identifiers

ALT-PU-2021-2102
ALT-PU-2021-2103
ALT-PU-2021-2165
ALT-PU-2021-2199
ALT-PU-2021-2201
ALT-PU-2021-2207
ALT-PU-2021-2221
ALT-PU-2021-2293
ALT-PU-2021-2305
ALT-PU-2021-2307
ALT-PU-2021-2315
ALT-PU-2021-2326
ALT-PU-2021-2330
ALT-PU-2021-2334
ALT-PU-2021-2671
ALT-PU-2021-3481
ALT-PU-2022-2096
AZL-6570
BDU:2021-03938
CVE-2021-35039
DLA-2785-1
MGASA-2021-0347
MGASA-2021-0348
OESA-2021-1279
OPENSUSE-SU-2021:1076-1
OPENSUSE-SU-2021:2645-1
OPENSUSE-SU-2021:2687-1
OPENSUSE-SU-2021_1076-1
OPENSUSE-SU-2021_2645-1
OPENSUSE-SU-2021_2687-1
SUSE-SU-2021:2408-1
SUSE-SU-2021:2438-1
SUSE-SU-2021:2599-1
SUSE-SU-2021:2599-2
SUSE-SU-2021:2645-1
SUSE-SU-2021:2687-1

Affected Products

Alt Linux
Linux Kernel
Suse