CVE-2021-35039 - Improper Verification of Cryptographic Signature

Severity

78%

Complexity

18%

Confidentiality

98%

kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, does not occur for a module.sig_enforce=1 command-line argument.

CVSS 3.1 Base Score 7.8. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

CVSS 2.0 Base Score 6.9. CVSS Attack Vector: local. CVSS Attack Complexity: medium. CVSS Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C).

Demo Examples

Improper Verification of Cryptographic Signature

CWE-347

In the following code, a JarFile object is created from a downloaded file.


               
JarFile jf = new JarFile(f);

The JAR file that was potentially downloaded from an untrusted source is created without verifying the signature (if present). An alternate constructor that accepts a boolean verify parameter should be used instead.

Overview

Type

Linux

First reported 3 years ago

2021-07-07 01:15:00

Last updated 3 years ago

2021-12-06 17:03:00

Affected Software

Linux Kernel

Debian Linux 9.0

9.0

References

https://www.openwall.com/lists/oss-security/2021/07/06/3

https://github.com/torvalds/linux/commit/0c18f29aae7ce3dadd26d8ee3505d07cc982df75

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.14

[oss-security] 20210706 CVE-2021-35039: Linux kernel loading unsigned kernel modules via init_module syscall

https://www.openwall.com/lists/oss-security/2021/07/06/3

Mailing List, Third Party Advisory

https://github.com/torvalds/linux/commit/0c18f29aae7ce3dadd26d8ee3505d07cc982df75

Patch, Third Party Advisory

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.14

Mailing List, Patch, Vendor Advisory

[oss-security] 20210706 CVE-2021-35039: Linux kernel loading unsigned kernel modules via init_module syscall

Mailing List, Third Party Advisory

https://security.netapp.com/advisory/ntap-20210813-0004/

https://security.netapp.com/advisory/ntap-20210813-0004/

Third Party Advisory

[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0c18f29aae7ce3dadd26d8ee3505d07cc982df75

[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update

Mailing List, Third Party Advisory

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0c18f29aae7ce3dadd26d8ee3505d07cc982df75

Mailing List, Patch, Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.