CVE-2021-35039 — Improper Verification of Cryptographic Signature in Kernel

CWE-347 — Improper Verification of Cryptographic Signature6 documents6 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 75.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Debian Linux +2 more

Timeline

PublishedJul 7

Latest updateMay 24

Description

kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, does not occur for a module.sig_enforce=1 command-line argument.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

▶NVDlinux/linux_kernel4.15 — 4.19.196+3

▶Debianlinux/linux_kernel< 5.10.70-1+3

▶msrcmsrc/cm1_kernel_5.10.60.1-1_on_cbl_mariner_1.0

▶msrcmsrc/cbl2_kernel_5.10.78.1-1_on_cbl_mariner_2.0

▶debiandebian/linux< linux 5.14.6-1 (bookworm)

Also affects: Debian Linux 9.0

Patches

Patch: cdn.kernel.org ↗Patch: git.kernel.org ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-jf73-g393-6jw9: kernel/module↗2022-05-24

▶

OSV

CVE-2021-35039: kernel/module↗2021-07-07

▶

📋Vendor Advisories

Microsoft

kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG verification that a kernel module is signed for loading via init_mo↗2021-07-13

▶

Red Hat

kernel: allows loading unsigned kernel modules via init_module syscall↗2021-07-06

▶

Debian

CVE-2021-35039: linux - kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verifica...↗2021

▶