Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistLinuxCVELIST:CVE-2021-47218
HistoryApr 10, 2024 - 7:01 p.m.

CVE-2021-47218 selinux: fix NULL-pointer dereference when hashtab allocation fails

2024-04-1019:01:57
Linux
www.cve.org
5
linux kernel
selinux
vulnerability
hashtab
allocation

AI Score

6.7

Confidence

Low

EPSS

0

Percentile

15.5%

JSON

In the Linux kernel, the following vulnerability has been resolved:

selinux: fix NULL-pointer dereference when hashtab allocation fails

When the hash table slot array allocation fails in hashtab_init(),
h->size is left initialized with a non-zero value, but the h->htable
pointer is NULL. This may then cause a NULL pointer dereference, since
the policydb code relies on the assumption that even after a failed
hashtab_init(), hashtab_map() and hashtab_destroy() can be safely called
on it. Yet, these detect an empty hashtab only by looking at the size.

Fix this by making sure that hashtab_init() always leaves behind a valid
empty hashtab when the allocation fails.

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "security/selinux/ss/hashtab.c"
    ],
    "versions": [
      {
        "version": "03414a49ad5f",
        "lessThan": "b17dd53cac76",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "03414a49ad5f",
        "lessThan": "83c8ab8503ad",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "03414a49ad5f",
        "lessThan": "dc27f3c5d10c",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "security/selinux/ss/hashtab.c"
    ],
    "versions": [
      {
        "version": "5.8",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "5.8",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.10.82",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15.5",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.16",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Related

cve 1
ubuntucve 1
redhatcve 1
debiancve 1
nvd 1
vulnrichment 1
nessus 6
openvas 5
cve
cve
CVE-2021-47218
2024-04-10 19:15:48
ubuntucve
ubuntucve
CVE-2021-47218
2024-04-10 00:00:00
redhatcve
redhatcve
CVE-2021-47218
2024-04-11 19:23:59
debiancve
debiancve
CVE-2021-47218
2024-04-10 19:15:48
nvd
nvd
CVE-2021-47218
2024-04-10 19:15:48
vulnrichment
vulnrichment
CVE-2021-47218 selinux: fix NULL-pointer dereference when hashtab allocation fails
2024-04-10 19:01:57
nessus
nessus
Amazon Linux 2 : kernel (ALASKERNEL-5.10-2024-049)
2024-02-06 00:00:00
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:1641-1)
2024-05-15 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1644-1)
2024-05-15 00:00:00
openvas
openvas
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2024:1647-1)
2024-05-24 00:00:00
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2024:1641-1)
2024-05-24 00:00:00
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2024:1644-1)
2024-05-24 00:00:00

AI Score

6.7

Confidence

Low

EPSS

0

Percentile

15.5%

JSON
Related for CVELIST:CVE-2021-47218
cve1ubuntucve1redhatcve1debiancve1nvd1vulnrichment1nessus6openvas5