Описание
The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 2.7-1ubuntu0.1 |
| devel | not-affected | 3.3-1 |
| esm-infra-legacy/trusty | not-affected | code not present |
| esm-infra/bionic | not-affected | 2.7-1ubuntu0.1 |
| esm-infra/focal | not-affected | 3.0-1ubuntu0.1 |
| esm-infra/xenial | released | 2.4-2ubuntu0.1~esm1 |
| focal | released | 3.0-1ubuntu0.1 |
| groovy | ignored | end of life |
| hirsute | ignored | end of life |
| impish | released | 3.1-1ubuntu2.1 |
Показывать по
EPSS
2.1 Low
CVSS2
3.3 Low
CVSS3
Связанные уязвимости
The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block.
The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block.
The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in e ...
The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). NOTE: bad0a746e9f4cf260dedba5828d9645d50176aac is cited in the OSV "fixed" field but does not have a code change.
EPSS
2.1 Low
CVSS2
3.3 Low
CVSS3