NVD Vulnerability Detail

CVE-2021-3864

Summary	A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed its descendants. The prerequisite is a SUID binary that sets real UID equal to effective UID, and real GID equal to effective GID. The descendant will then have a dumpable value set to 1. As a result, if the descendant process crashes and core_pattern is set to a relative value, its core dump is stored in the current directory with uid:gid permissions. An unprivileged local user with eligible root SUID binary could use this flaw to place core dumps into root-owned directories, potentially resulting in escalation of privileges.
Publication Date	Aug. 27, 2022, 1:15 a.m.
Registration Date	Aug. 27, 2022, 10 a.m.
Last Update	Nov. 21, 2024, 3:22 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:o:linux:linux_kernel:-:::::::*

Configuration3	or higher	or less	more than	less than
cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

Related information, measures and tools

No	URL	タグ
1	https://access.redhat.com/security/cve/CVE-2021-3864	Third Party Advisory
2	https://access.redhat.com/security/cve/CVE-2021-3864	Third Party Advisory
3	https://bugzilla.redhat.com/show_bug.cgi?id=2015046	Issue Tracking Patch Third Party Advisory
4	https://bugzilla.redhat.com/show_bug.cgi?id=2015046	Issue Tracking Patch Third Party Advisory
5	https://lore.kernel.org/all/20211221021744.864115-1-longman%40redhat.com/
6	https://lore.kernel.org/all/20211221021744.864115-1-longman%40redhat.com/
7	https://lore.kernel.org/all/20211226150310.GA992%401wt.eu/
8	https://lore.kernel.org/all/20211226150310.GA992%401wt.eu/
9	https://lore.kernel.org/lkml/20211228170910.623156-1-wander%40redhat.com/
10	https://lore.kernel.org/lkml/20211228170910.623156-1-wander%40redhat.com/
11	https://security-tracker.debian.org/tracker/CVE-2021-3864	Third Party Advisory
12	https://security-tracker.debian.org/tracker/CVE-2021-3864	Third Party Advisory
13	https://www.openwall.com/lists/oss-security/2021/10/20/2	Exploit Mailing List Third Party Advisory
14	https://www.openwall.com/lists/oss-security/2021/10/20/2	Exploit Mailing List Third Party Advisory

Common Vulnerabilities List

JVN Vulnerability Information

Linux の Linux Kernel 他複数ベンダの製品におけるアクセス制御に関する脆弱性

Title	Linux の Linux Kernel 他複数ベンダの製品におけるアクセス制御に関する脆弱性
Summary	Linux の Linux Kernel 他複数ベンダの製品には、アクセス制御に関する脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Dec. 20, 2021, midnight
Registration Date	Oct. 20, 2023, 12:30 p.m.
Last Update	Oct. 20, 2023, 12:30 p.m.

Affected System

レッドハット

Red Hat Enterprise Linux 6.0

Red Hat Enterprise Linux 7.0

Red Hat Enterprise Linux 9.0

Debian

Debian GNU/Linux 10.0

Debian GNU/Linux 11.0

Linux

Linux Kernel

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2021-3864	https://www.cve.org/CVERecord?id=CVE-2021-3864
Debian Security Tracker
2	CVE-2021-3864	https://security-tracker.debian.org/tracker/CVE-2021-3864
National Vulnerability Database (NVD)
3	CVE-2021-3864	https://nvd.nist.gov/vuln/detail/CVE-2021-3864
Red Hat Customer Portal
4	CVE-2021-3864	https://access.redhat.com/security/cve/CVE-2021-3864

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-284	https://cwe.mitre.org/data/definitions/284.html

ベンダー情報

No	Name	URL
Linux Kernel
1	Linux Kernel Archives	https://www.kernel.org
lore.kernel.org
2	Re: [PATCH] exec: Make suid_dumpable apply to SUID/SGID binaries irrespective of invoking users	https://lore.kernel.org/all/20211226150310.GA992%401wt.eu/
3	[PATCH RFC v2 0/4] coredump: mitigate privilege escalation of process coredump	https://lore.kernel.org/lkml/20211228170910.623156-1-wander%40redhat.com/
4	[PATCH] exec: Make suid_dumpable apply to SUID/SGID binaries irrespective of invoking users	https://lore.kernel.org/all/20211221021744.864115-1-longman%40redhat.com/
Red Hat Bugzilla
5	Bug 2015046	https://bugzilla.redhat.com/show_bug.cgi?id=2015046

その他

No	Name	URL
関連文書
1	www.openwall.com (oss-security/2021/10/20/2)	https://www.openwall.com/lists/oss-security/2021/10/20/2

Change Log

No	Changed Details	Date of change
1	[2023年10月13日] 掲載	Oct. 13, 2023, 5:51 p.m.