ubuntucve | Ubuntu.com | UB:CVE-2021-35039
History: Jul 07, 2021 - 12:00 a.m.

CVE-2021-35039

2021-07-07 00:00:00
ubuntu.com
linux, signature verification, module loading

CVSS2: 6.9
Attack Vector: LOCAL
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3: 7.8
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0
Percentile: 15.8%

kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature
Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification
that a kernel module is signed, for loading via init_module, does not occur
for a module.sig_enforce=1 command-line argument.
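
A host-side check for the configuration described above, as an added example that is not part of the Ubuntu advisory: it classifies a kernel build config and boot command line, flagging the case where module.sig_enforce is requested but CONFIG_MODULE_SIG is absent. The function names and state words are made up for this example; CONFIG_MODULE_SIG_FORCE and the /boot/config-* and /proc/config.gz locations are standard kernel and distro features that the page does not mention.

```shell
#!/bin/sh
# Added example (not from the advisory): classify module-signature enforcement
# from a kernel build config and a boot command line.

# config_on FILE SYMBOL -> success when SYMBOL=y appears in the config file.
config_on() {
    grep -q "^$2=y\$" "$1"
}

# sig_enforce_requested CMDLINE -> success when module.sig_enforce is switched on.
# The advisory names module.sig_enforce=1; the bare flag and =y are treated the
# same way here because the kernel parses the parameter as a boolean.
sig_enforce_requested() {
    for arg in $1; do
        case $arg in
            module.sig_enforce|module.sig_enforce=1|module.sig_enforce=[yY]) return 0 ;;
        esac
    done
    return 1
}

# classify_module_sig CONFIG_FILE CMDLINE -> prints one state word (names are hypothetical).
classify_module_sig() {
    if ! config_on "$1" CONFIG_MODULE_SIG; then
        if sig_enforce_requested "$2"; then
            echo "requested-but-unverified"   # the condition CVE-2021-35039 describes
        else
            echo "no-signature-support"
        fi
    elif config_on "$1" CONFIG_MODULE_SIG_FORCE || sig_enforce_requested "$2"; then
        echo "enforced"
    else
        echo "permissive"   # signatures are checked, unsigned modules still load
    fi
}

# check_host -> classify the running system using the usual config locations.
check_host() {
    cfg="/boot/config-$(uname -r)"
    if [ ! -r "$cfg" ] && [ -r /proc/config.gz ]; then
        cfg=$(mktemp) && gzip -dc /proc/config.gz > "$cfg"
    fi
    [ -r "$cfg" ] || { echo "unknown"; return 2; }
    classify_module_sig "$cfg" "$(cat /proc/cmdline)"
}
```

Call `check_host` on the system being audited; a result of `requested-but-unverified` means the boot parameter is set on a kernel that was built without module signature support.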

Notes

Author note (sbeattie): CONFIG_MODULE_SIG has been enabled in Ubuntu kernels at least as early as Ubuntu 14.04 LTS, so should not be affected.

| OS | OS Version | Architecture | Package | Package Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 20.04 | noarch | linux-aws-5.11 | < 5.11.0-1017.18~20.04.1 | UNKNOWN |
| ubuntu | 20.04 | noarch | linux-azure-5.11 | < 5.11.0-1015.16~20.04.1 | UNKNOWN |
| ubuntu | 20.04 | noarch | linux-gcp-5.11 | < 5.11.0-1018.20~20.04.2 | UNKNOWN |
| ubuntu | 20.04 | noarch | linux-ibm | < 5.4.0-1004.5 | UNKNOWN |
| ubuntu | 20.04 | noarch | linux-oracle-5.11 | < 5.11.0-1017.18~20.04.1 | UNKNOWN |
