CVE-2021-36086
- Source
- https://cve.org/CVERecord?id=CVE-2021-36086
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-36086.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2021-36086
- Downstream
- Related
- Published
- 2021-07-01T03:15:08.783Z
- Modified
- 2026-01-30T01:36:38.068082Z
- Severity
-
- 3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
- Summary
- [none]
- Details
-
The CIL compiler in SELinux 3.2 has a use-after-free in cilresetclasspermission (called from cilresetclasspermsset and cilresetclasspermslist).
- References
-
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/
- https://lists.debian.org/debian-lts-announce/2024/10/msg00021.html
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32177
- https://github.com/SELinuxProject/selinux/commit/c49a8ea09501ad66e799ea41b8154b6770fec2c8
- https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-536.yaml
- https://security.netapp.com/advisory/ntap-20250207-0004/
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32177
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32177
- https://github.com/SELinuxProject/selinux/commit/c49a8ea09501ad66e799ea41b8154b6770fec2c8
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32177
Affected packages
Git / github.com/selinuxproject/selinux
Affected ranges
- Type
- GIT
- Repo
- https://github.com/selinuxproject/selinux
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
20080909
20090403
20090731
20091123
20100525
20101221
20110727
20120216
20120924
20130423
20131030
20131030_1
20131030_2
20131030_3
20131030_4
20140506
20140826-rc1
20140826-rc2
20140826-rc3
20140826-rc4
20140826-rc5
20140826-rc6
20140826-rc7
20150202
20160107
20160223
20160930
20161006
20161014
20170609
20170616
20170623
20170630
20170718
20170728
20170804
20180419
20180426
20180510
20180524
20190125
20190301
20190315
20191031
20191122
20191204
20200518
20200619
20200710
before_splitpolicycoreutils
3.*
3.2
3.2-rc1
3.2-rc2
3.2-rc3
checkpolicy-2.*
checkpolicy-2.2
checkpolicy-2.3
checkpolicy-2.3-rc1
checkpolicy-2.4
checkpolicy-2.4-rc3
checkpolicy-2.4-rc4
checkpolicy-2.4-rc5
checkpolicy-2.4-rc6
checkpolicy-2.4-rc7
checkpolicy-2.5
checkpolicy-2.5-rc1
checkpolicy-2.6
checkpolicy-2.6-rc1
checkpolicy-2.6-rc2
checkpolicy-2.7
checkpolicy-2.7-rc1
checkpolicy-2.7-rc2
checkpolicy-2.7-rc3
checkpolicy-2.7-rc4
checkpolicy-2.7-rc5
checkpolicy-2.7-rc6
checkpolicy-2.8
checkpolicy-2.8-rc1
checkpolicy-2.8-rc2
checkpolicy-2.8-rc3
checkpolicy-2.9
checkpolicy-3.*
checkpolicy-3.0
checkpolicy-3.0-rc1
checkpolicy-3.1
checkpolicy-3.1-rc2
checkpolicy-3.2
checkpolicy-3.2-rc1
checkpolicy-3.2-rc2
checkpolicy-3.2-rc3
libselinux-2.*
libselinux-2.2
libselinux-2.2.1
libselinux-2.2.2
libselinux-2.3
libselinux-2.3-rc1
libselinux-2.4
libselinux-2.4-rc2
libselinux-2.4-rc3
libselinux-2.4-rc4
libselinux-2.4-rc5
libselinux-2.4-rc6
libselinux-2.4-rc7
libselinux-2.5
libselinux-2.5-rc1
libselinux-2.6
libselinux-2.6-rc1
libselinux-2.6-rc2
libselinux-2.7
libselinux-2.7-rc1
libselinux-2.7-rc2
libselinux-2.7-rc3
libselinux-2.7-rc4
libselinux-2.7-rc5
libselinux-2.7-rc6
libselinux-2.8
libselinux-2.8-rc1
libselinux-2.8-rc2
libselinux-2.8-rc3
libselinux-2.9
libselinux-3.*
libselinux-3.0
libselinux-3.0-rc1
libselinux-3.1
libselinux-3.1-rc2
libselinux-3.2
libselinux-3.2-rc1
libselinux-3.2-rc2
libselinux-3.2-rc3
libsemanage-2.*
libsemanage-2.2
libsemanage-2.3
libsemanage-2.3-rc1
libsemanage-2.4
libsemanage-2.4-rc2
libsemanage-2.4-rc3
libsemanage-2.4-rc4
libsemanage-2.4-rc5
libsemanage-2.4-rc6
libsemanage-2.4-rc7
libsemanage-2.5
libsemanage-2.5-rc1
libsemanage-2.6
libsemanage-2.6-rc1
libsemanage-2.6-rc2
libsemanage-2.7
libsemanage-2.7-rc1
libsemanage-2.7-rc2
libsemanage-2.7-rc3
libsemanage-2.7-rc4
libsemanage-2.7-rc5
libsemanage-2.7-rc6
libsemanage-2.8
libsemanage-2.8-rc1
libsemanage-2.8-rc2
libsemanage-2.8-rc3
libsemanage-2.9
libsemanage-3.*
libsemanage-3.0
libsemanage-3.0-rc1
libsemanage-3.1
libsemanage-3.1-rc2
libsemanage-3.2
libsemanage-3.2-rc1
libsemanage-3.2-rc2
libsemanage-3.2-rc3
libsepol-2.*
libsepol-2.2
libsepol-2.3
libsepol-2.3-rc1
libsepol-2.4
libsepol-2.4-rc2
libsepol-2.4-rc3
libsepol-2.4-rc4
libsepol-2.4-rc5
libsepol-2.4-rc6
libsepol-2.4-rc7
libsepol-2.5
libsepol-2.5-rc1
libsepol-2.6
libsepol-2.6-rc1
libsepol-2.6-rc2
libsepol-2.7
libsepol-2.7-rc1
libsepol-2.7-rc2
libsepol-2.7-rc3
libsepol-2.7-rc4
libsepol-2.7-rc5
libsepol-2.7-rc6
libsepol-2.8
libsepol-2.8-rc1
libsepol-2.8-rc2
libsepol-2.8-rc3
libsepol-2.9
libsepol-3.*
libsepol-3.0
libsepol-3.0-rc1
libsepol-3.1
libsepol-3.1-rc2
libsepol-3.2
libsepol-3.2-rc1
libsepol-3.2-rc2
libsepol-3.2-rc3
mcstrans-2.*
mcstrans-2.7
mcstrans-2.7-rc1
mcstrans-2.7-rc2
mcstrans-2.7-rc3
mcstrans-2.7-rc4
mcstrans-2.7-rc5
mcstrans-2.7-rc6
mcstrans-2.8
mcstrans-2.8-rc1
mcstrans-2.8-rc2
mcstrans-2.8-rc3
mcstrans-2.9
mcstrans-3.*
mcstrans-3.0
mcstrans-3.0-rc1
mcstrans-3.1
mcstrans-3.1-rc2
mcstrans-3.2
mcstrans-3.2-rc1
mcstrans-3.2-rc2
mcstrans-3.2-rc3
policycoreutils-2.*
policycoreutils-2.2
policycoreutils-2.2.1
policycoreutils-2.2.2
policycoreutils-2.2.3
policycoreutils-2.2.4
policycoreutils-2.2.5
policycoreutils-2.3
policycoreutils-2.3-rc1
policycoreutils-2.4
policycoreutils-2.4-rc2
policycoreutils-2.4-rc3
policycoreutils-2.4-rc4
policycoreutils-2.4-rc5
policycoreutils-2.4-rc6
policycoreutils-2.4-rc7
policycoreutils-2.5
policycoreutils-2.5-rc1
policycoreutils-2.6
policycoreutils-2.6-rc1
policycoreutils-2.6-rc2
policycoreutils-2.7
policycoreutils-2.7-rc1
policycoreutils-2.7-rc2
policycoreutils-2.7-rc3
policycoreutils-2.7-rc4
policycoreutils-2.7-rc5
policycoreutils-2.7-rc6
policycoreutils-2.8
policycoreutils-2.8-rc1
policycoreutils-2.8-rc2
policycoreutils-2.8-rc3
policycoreutils-2.9
policycoreutils-3.*
policycoreutils-3.0
policycoreutils-3.0-rc1
policycoreutils-3.1
policycoreutils-3.1-rc2
policycoreutils-3.2
policycoreutils-3.2-rc1
policycoreutils-3.2-rc2
policycoreutils-3.2-rc3
restorecond-2.*
restorecond-2.7
restorecond-2.7-rc1
restorecond-2.7-rc2
restorecond-2.7-rc3
restorecond-2.7-rc4
restorecond-2.7-rc5
restorecond-2.7-rc6
restorecond-2.8
restorecond-2.8-rc1
restorecond-2.8-rc2
restorecond-2.8-rc3
restorecond-2.9
restorecond-3.*
restorecond-3.0
restorecond-3.0-rc1
restorecond-3.1
restorecond-3.1-rc2
restorecond-3.2
restorecond-3.2-rc1
restorecond-3.2-rc2
restorecond-3.2-rc3
secilc-2.*
secilc-2.5
secilc-2.5-rc1
secilc-2.6
secilc-2.6-rc1
secilc-2.6-rc2
secilc-2.7
secilc-2.7-rc1
secilc-2.7-rc2
secilc-2.7-rc3
secilc-2.7-rc4
secilc-2.7-rc5
secilc-2.7-rc6
secilc-2.8
secilc-2.8-rc1
secilc-2.8-rc2
secilc-2.8-rc3
secilc-2.9
secilc-3.*
secilc-3.0
secilc-3.0-rc1
secilc-3.1
secilc-3.1-rc2
secilc-3.2
secilc-3.2-rc1
secilc-3.2-rc2
secilc-3.2-rc3
selinux-dbus-2.*
selinux-dbus-2.7
selinux-dbus-2.7-rc1
selinux-dbus-2.7-rc2
selinux-dbus-2.7-rc3
selinux-dbus-2.7-rc4
selinux-dbus-2.7-rc5
selinux-dbus-2.7-rc6
selinux-dbus-2.8
selinux-dbus-2.8-rc1
selinux-dbus-2.8-rc2
selinux-dbus-2.8-rc3
selinux-dbus-2.9
selinux-dbus-3.*
selinux-dbus-3.0
selinux-dbus-3.0-rc1
selinux-dbus-3.1
selinux-dbus-3.1-rc2
selinux-dbus-3.2
selinux-dbus-3.2-rc1
selinux-dbus-3.2-rc2
selinux-dbus-3.2-rc3
selinux-gui-2.*
selinux-gui-2.7
selinux-gui-2.7-rc1
selinux-gui-2.7-rc2
selinux-gui-2.7-rc3
selinux-gui-2.7-rc4
selinux-gui-2.7-rc5
selinux-gui-2.7-rc6
selinux-gui-2.8
selinux-gui-2.8-rc1
selinux-gui-2.8-rc2
selinux-gui-2.8-rc3
selinux-gui-2.9
selinux-gui-3.*
selinux-gui-3.0
selinux-gui-3.0-rc1
selinux-gui-3.1
selinux-gui-3.1-rc2
selinux-gui-3.2
selinux-gui-3.2-rc1
selinux-gui-3.2-rc2
selinux-gui-3.2-rc3
selinux-python-2.*
selinux-python-2.7
selinux-python-2.7-rc1
selinux-python-2.7-rc2
selinux-python-2.7-rc3
selinux-python-2.7-rc4
selinux-python-2.7-rc5
selinux-python-2.7-rc6
selinux-python-2.8
selinux-python-2.8-rc1
selinux-python-2.8-rc2
selinux-python-2.8-rc3
selinux-python-2.9
selinux-python-3.*
selinux-python-3.0
selinux-python-3.0-rc1
selinux-python-3.1
selinux-python-3.1-rc2
selinux-python-3.2
selinux-python-3.2-rc1
selinux-python-3.2-rc2
selinux-python-3.2-rc3
selinux-sandbox-2.*
selinux-sandbox-2.7
selinux-sandbox-2.7-rc1
selinux-sandbox-2.7-rc2
selinux-sandbox-2.7-rc3
selinux-sandbox-2.7-rc4
selinux-sandbox-2.7-rc5
selinux-sandbox-2.7-rc6
selinux-sandbox-2.8
selinux-sandbox-2.8-rc1
selinux-sandbox-2.8-rc2
selinux-sandbox-2.8-rc3
selinux-sandbox-2.9
selinux-sandbox-3.*
selinux-sandbox-3.0
selinux-sandbox-3.0-rc1
selinux-sandbox-3.1
selinux-sandbox-3.1-rc2
selinux-sandbox-3.2
selinux-sandbox-3.2-rc1
selinux-sandbox-3.2-rc2
selinux-sandbox-3.2-rc3
semodule-utils-2.*
semodule-utils-2.7
semodule-utils-2.7-rc1
semodule-utils-2.7-rc2
semodule-utils-2.7-rc3
semodule-utils-2.7-rc4
semodule-utils-2.7-rc5
semodule-utils-2.7-rc6
semodule-utils-2.8
semodule-utils-2.8-rc1
semodule-utils-2.8-rc2
semodule-utils-2.8-rc3
semodule-utils-2.9
semodule-utils-3.*
semodule-utils-3.0
semodule-utils-3.0-rc1
semodule-utils-3.1
semodule-utils-3.1-rc2
semodule-utils-3.2
semodule-utils-3.2-rc1
semodule-utils-3.2-rc2
semodule-utils-3.2-rc3
sepolgen-1.*
sepolgen-1.2
sepolgen-1.2.1
sepolgen-1.2.2
sepolgen-1.2.2-rc2
sepolgen-1.2.2-rc3
sepolgen-1.2.2-rc4
sepolgen-1.2.2-rc5
sepolgen-1.2.2-rc6
sepolgen-1.2.2-rc7
sepolgen-1.2.3
sepolgen-1.2.3-rc1
sepolgen-2.*
sepolgen-2.6
sepolgen-2.6-rc1
sepolgen-2.6-rc2
Database specific
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-36086.json"
vanir_signatures
[
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"238834479780486971736228051238403053341",
"153800074891775518363529245327982065367",
"290747283680954031151721411311045337991",
"162766036174898142873097102429039450688"
]
},
"source": "https://github.com/selinuxproject/selinux/commit/c49a8ea09501ad66e799ea41b8154b6770fec2c8",
"target": {
"file": "libsepol/cil/src/cil_reset_ast.c"
},
"signature_version": "v1",
"signature_type": "Line",
"deprecated": false,
"id": "CVE-2021-36086-06db8dc3"
},
{
"digest": {
"length": 71.0,
"function_hash": "76894657754915092398298838715200092986"
},
"source": "https://github.com/selinuxproject/selinux/commit/c49a8ea09501ad66e799ea41b8154b6770fec2c8",
"target": {
"function": "cil_reset_classperms_set",
"file": "libsepol/cil/src/cil_reset_ast.c"
},
"signature_version": "v1",
"signature_type": "Function",
"deprecated": false,
"id": "CVE-2021-36086-a7f133bc"
}
]