PT-2021-5068 · Linux+3 · Linux Kernel+3

Jann Horn

·

Published

2021-09-23

·

Updated

2023-08-14

·

CVE-2021-43057

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.14.8
Description A use-after-free issue in the selinux ptrace traceme() function, which is the SELinux handler for PTRACE TRACEME, could allow local attackers to cause memory corruption and escalate privileges. This occurs due to an attempt to access the subjective credentials of another task.
Recommendations For versions prior to 5.14.8, update to version 5.14.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the selinux ptrace traceme() function to minimize the risk of exploitation.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2021-2902
ALT-PU-2021-2926
ALT-PU-2021-3041
ALT-PU-2023-4894
AZL-6602
BDU:2021-05848
CVE-2021-43057
USN-5162-1

Affected Products

Alt Linux
Linuxmint
Linux Kernel
Ubuntu