{"id":"CVE-2021-36086","details":"The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list).","modified":"2026-05-18T20:15:48.290539Z","published":"2021-07-01T03:15:08.783Z","related":["ALSA-2021:4513","openSUSE-SU-2024:10990-1"],"database_specific":{"unresolved_ranges":[{"cpes":["cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"debian:debian_linux","extracted_events":[{"last_affected":"11.0"}]},{"cpes":["cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"fedoraproject:fedora","extracted_events":[{"last_affected":"35"}]}]},"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/"},{"type":"ADVISORY","url":"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-536.yaml"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2024/10/msg00021.html"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20250207-0004/"},{"type":"FIX","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32177"},{"type":"FIX","url":"https://github.com/SELinuxProject/selinux/commit/c49a8ea09501ad66e799ea41b8154b6770fec2c8"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/selinuxproject/selinux","events":[{"introduced":"0"},{"fixed":"7f600c40bc18d8180993edcd54daf45124736776"},{"fixed":"c49a8ea09501ad66e799ea41b8154b6770fec2c8"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"3.3"}],"source":["CPE_FIELD","REFERENCES"],"cpe":"cpe:2.3:a:selinux_project:selinux:*:*:*:*:*:*:*:*"}}],"versions":["semodule-utils-3.3-rc3","selinux-sandbox-3.3-rc3","selinux-python-3.3-rc3","selinux-gui-3.3-rc3","selinux-dbus-3.3-rc3","secilc-3.3-rc3","restorecond-3.3-rc3","policycoreutils-3.3-rc3","mcstrans-3.3-rc3","libsepol-3.3-rc3","libsemanage-3.3-rc3","libselinux-3.3-rc3","checkpolicy-3.3-rc3","3.3-rc3","semodule-utils-3.3-rc2","selinux-sandbox-3.3-rc2","selinux-python-3.3-rc2","selinux-gui-3.3-rc2","selinux-dbus-3.3-rc2","secilc-3.3-rc2","restorecond-3.3-rc2","policycoreutils-3.3-rc2","mcstrans-3.3-rc2","libsepol-3.3-rc2","libsemanage-3.3-rc2","libselinux-3.3-rc2","checkpolicy-3.3-rc2","3.3-rc2","semodule-utils-3.3-rc1","selinux-sandbox-3.3-rc1","selinux-python-3.3-rc1","selinux-gui-3.3-rc1","selinux-dbus-3.3-rc1","secilc-3.3-rc1","restorecond-3.3-rc1","policycoreutils-3.3-rc1","mcstrans-3.3-rc1","libsepol-3.3-rc1","libsemanage-3.3-rc1","libselinux-3.3-rc1","checkpolicy-3.3-rc1","3.3-rc1","semodule-utils-3.2","selinux-sandbox-3.2","selinux-python-3.2","selinux-gui-3.2","selinux-dbus-3.2","secilc-3.2","restorecond-3.2","policycoreutils-3.2","mcstrans-3.2","libsepol-3.2","libsemanage-3.2","libselinux-3.2","checkpolicy-3.2","3.2","semodule-utils-3.2-rc3","selinux-sandbox-3.2-rc3","selinux-python-3.2-rc3","selinux-gui-3.2-rc3","selinux-dbus-3.2-rc3","secilc-3.2-rc3","restorecond-3.2-rc3","policycoreutils-3.2-rc3","mcstrans-3.2-rc3","libsepol-3.2-rc3","libsemanage-3.2-rc3","libselinux-3.2-rc3","checkpolicy-3.2-rc3","3.2-rc3","semodule-utils-3.2-rc2","selinux-sandbox-3.2-rc2","selinux-python-3.2-rc2","selinux-gui-3.2-rc2","selinux-dbus-3.2-rc2","secilc-3.2-rc2","restorecond-3.2-rc2","policycoreutils-3.2-rc2","mcstrans-3.2-rc2","libsepol-3.2-rc2","libsemanage-3.2-rc2","libselinux-3.2-rc2","checkpolicy-3.2-rc2","3.2-rc2","semodule-utils-3.2-rc1","selinux-sandbox-3.2-rc1","selinux-python-3.2-rc1","selinux-gui-3.2-rc1","selinux-dbus-3.2-rc1","secilc-3.2-rc1","restorecond-3.2-rc1","policycoreutils-3.2-rc1","mcstrans-3.2-rc1","libsepol-3.2-rc1","libsemanage-3.2-rc1","libselinux-3.2-rc1","checkpolicy-3.2-rc1","3.2-rc1","semodule-utils-3.1","selinux-sandbox-3.1","selinux-python-3.1","selinux-gui-3.1","selinux-dbus-3.1","secilc-3.1","restorecond-3.1","policycoreutils-3.1","mcstrans-3.1","libsepol-3.1","libsemanage-3.1","libselinux-3.1","checkpolicy-3.1","20200710","semodule-utils-3.1-rc2","selinux-sandbox-3.1-rc2","selinux-python-3.1-rc2","selinux-gui-3.1-rc2","selinux-dbus-3.1-rc2","secilc-3.1-rc2","restorecond-3.1-rc2","policycoreutils-3.1-rc2","mcstrans-3.1-rc2","libsepol-3.1-rc2","libsemanage-3.1-rc2","libselinux-3.1-rc2","checkpolicy-3.1-rc2","20200619","20200518","semodule-utils-3.0","selinux-sandbox-3.0","selinux-python-3.0","selinux-gui-3.0","selinux-dbus-3.0","secilc-3.0","restorecond-3.0","policycoreutils-3.0","mcstrans-3.0","libsepol-3.0","libsemanage-3.0","libselinux-3.0","checkpolicy-3.0","20191204","20191122","semodule-utils-3.0-rc1","selinux-sandbox-3.0-rc1","selinux-python-3.0-rc1","selinux-gui-3.0-rc1","selinux-dbus-3.0-rc1","secilc-3.0-rc1","restorecond-3.0-rc1","policycoreutils-3.0-rc1","mcstrans-3.0-rc1","libsepol-3.0-rc1","libsemanage-3.0-rc1","libselinux-3.0-rc1","checkpolicy-3.0-rc1","20191031","semodule-utils-2.9","selinux-sandbox-2.9","selinux-python-2.9","selinux-gui-2.9","selinux-dbus-2.9","secilc-2.9","restorecond-2.9","policycoreutils-2.9","mcstrans-2.9","libsepol-2.9","libsemanage-2.9","libselinux-2.9","checkpolicy-2.9","20190315","20190301","20190125","semodule-utils-2.8","selinux-sandbox-2.8","selinux-python-2.8","selinux-gui-2.8","selinux-dbus-2.8","secilc-2.8","restorecond-2.8","policycoreutils-2.8","mcstrans-2.8","libsepol-2.8","libsemanage-2.8","libselinux-2.8","checkpolicy-2.8","20180524","semodule-utils-2.8-rc3","selinux-sandbox-2.8-rc3","selinux-python-2.8-rc3","selinux-gui-2.8-rc3","selinux-dbus-2.8-rc3","secilc-2.8-rc3","restorecond-2.8-rc3","policycoreutils-2.8-rc3","mcstrans-2.8-rc3","libsepol-2.8-rc3","libsemanage-2.8-rc3","libselinux-2.8-rc3","checkpolicy-2.8-rc3","20180510","semodule-utils-2.8-rc2","selinux-sandbox-2.8-rc2","selinux-python-2.8-rc2","selinux-gui-2.8-rc2","selinux-dbus-2.8-rc2","secilc-2.8-rc2","restorecond-2.8-rc2","policycoreutils-2.8-rc2","mcstrans-2.8-rc2","libsepol-2.8-rc2","libsemanage-2.8-rc2","libselinux-2.8-rc2","checkpolicy-2.8-rc2","20180426","semodule-utils-2.8-rc1","selinux-sandbox-2.8-rc1","selinux-python-2.8-rc1","selinux-gui-2.8-rc1","selinux-dbus-2.8-rc1","secilc-2.8-rc1","restorecond-2.8-rc1","policycoreutils-2.8-rc1","mcstrans-2.8-rc1","libsepol-2.8-rc1","libsemanage-2.8-rc1","libselinux-2.8-rc1","checkpolicy-2.8-rc1","20180419","semodule-utils-2.7","selinux-sandbox-2.7","selinux-python-2.7","selinux-gui-2.7","selinux-dbus-2.7","secilc-2.7","restorecond-2.7","policycoreutils-2.7","mcstrans-2.7","libsepol-2.7","libsemanage-2.7","libselinux-2.7","checkpolicy-2.7","20170804","semodule-utils-2.7-rc6","selinux-sandbox-2.7-rc6","selinux-python-2.7-rc6","selinux-gui-2.7-rc6","selinux-dbus-2.7-rc6","secilc-2.7-rc6","restorecond-2.7-rc6","policycoreutils-2.7-rc6","mcstrans-2.7-rc6","libsepol-2.7-rc6","libsemanage-2.7-rc6","libselinux-2.7-rc6","checkpolicy-2.7-rc6","20170728","semodule-utils-2.7-rc5","selinux-sandbox-2.7-rc5","selinux-python-2.7-rc5","selinux-gui-2.7-rc5","selinux-dbus-2.7-rc5","secilc-2.7-rc5","restorecond-2.7-rc5","policycoreutils-2.7-rc5","mcstrans-2.7-rc5","libsepol-2.7-rc5","libsemanage-2.7-rc5","libselinux-2.7-rc5","checkpolicy-2.7-rc5","20170718","semodule-utils-2.7-rc4","selinux-sandbox-2.7-rc4","selinux-python-2.7-rc4","selinux-gui-2.7-rc4","selinux-dbus-2.7-rc4","secilc-2.7-rc4","restorecond-2.7-rc4","policycoreutils-2.7-rc4","mcstrans-2.7-rc4","libsepol-2.7-rc4","libsemanage-2.7-rc4","libselinux-2.7-rc4","checkpolicy-2.7-rc4","20170630","semodule-utils-2.7-rc3","selinux-sandbox-2.7-rc3","selinux-python-2.7-rc3","selinux-gui-2.7-rc3","selinux-dbus-2.7-rc3","secilc-2.7-rc3","restorecond-2.7-rc3","policycoreutils-2.7-rc3","mcstrans-2.7-rc3","libsepol-2.7-rc3","libsemanage-2.7-rc3","libselinux-2.7-rc3","checkpolicy-2.7-rc3","20170623","semodule-utils-2.7-rc2","selinux-sandbox-2.7-rc2","selinux-python-2.7-rc2","selinux-gui-2.7-rc2","selinux-dbus-2.7-rc2","secilc-2.7-rc2","restorecond-2.7-rc2","policycoreutils-2.7-rc2","mcstrans-2.7-rc2","libsepol-2.7-rc2","libsemanage-2.7-rc2","libselinux-2.7-rc2","checkpolicy-2.7-rc2","20170616","semodule-utils-2.7-rc1","selinux-sandbox-2.7-rc1","selinux-python-2.7-rc1","selinux-gui-2.7-rc1","selinux-dbus-2.7-rc1","secilc-2.7-rc1","restorecond-2.7-rc1","policycoreutils-2.7-rc1","mcstrans-2.7-rc1","libsepol-2.7-rc1","libsemanage-2.7-rc1","libselinux-2.7-rc1","checkpolicy-2.7-rc1","20170609","before_splitpolicycoreutils","sepolgen-2.6","secilc-2.6","policycoreutils-2.6","libsepol-2.6","libsemanage-2.6","libselinux-2.6","checkpolicy-2.6","20161014","sepolgen-2.6-rc2","secilc-2.6-rc2","policycoreutils-2.6-rc2","libsepol-2.6-rc2","libsemanage-2.6-rc2","libselinux-2.6-rc2","checkpolicy-2.6-rc2","20161006","sepolgen-2.6-rc1","secilc-2.6-rc1","policycoreutils-2.6-rc1","libsepol-2.6-rc1","libsemanage-2.6-rc1","libselinux-2.6-rc1","checkpolicy-2.6-rc1","20160930","sepolgen-1.2.3","secilc-2.5","policycoreutils-2.5","libsepol-2.5","libsemanage-2.5","libselinux-2.5","checkpolicy-2.5","20160223","sepolgen-1.2.3-rc1","secilc-2.5-rc1","policycoreutils-2.5-rc1","libsepol-2.5-rc1","libsemanage-2.5-rc1","libselinux-2.5-rc1","checkpolicy-2.5-rc1","20160107","sepolgen-1.2.2","policycoreutils-2.4","libsepol-2.4","libsemanage-2.4","libselinux-2.4","checkpolicy-2.4","20150202","sepolgen-1.2.2-rc7","policycoreutils-2.4-rc7","libsepol-2.4-rc7","libsemanage-2.4-rc7","libselinux-2.4-rc7","checkpolicy-2.4-rc7","20140826-rc7","sepolgen-1.2.2-rc6","policycoreutils-2.4-rc6","libsepol-2.4-rc6","libsemanage-2.4-rc6","libselinux-2.4-rc6","checkpolicy-2.4-rc6","20140826-rc6","sepolgen-1.2.2-rc5","policycoreutils-2.4-rc5","libsepol-2.4-rc5","libsemanage-2.4-rc5","libselinux-2.4-rc5","checkpolicy-2.4-rc5","20140826-rc5","sepolgen-1.2.2-rc4","policycoreutils-2.4-rc4","libsepol-2.4-rc4","libsemanage-2.4-rc4","libselinux-2.4-rc4","checkpolicy-2.4-rc4","20140826-rc4","sepolgen-1.2.2-rc3","policycoreutils-2.4-rc3","libsepol-2.4-rc3","libsemanage-2.4-rc3","libselinux-2.4-rc3","checkpolicy-2.4-rc3","20140826-rc3","sepolgen-1.2.2-rc2","policycoreutils-2.4-rc2","libsepol-2.4-rc2","libsemanage-2.4-rc2","libselinux-2.4-rc2","20140826-rc2","20140826-rc1","policycoreutils-2.3","libsepol-2.3","libsemanage-2.3","libselinux-2.3","checkpolicy-2.3","20140506","policycoreutils-2.3-rc1","libsepol-2.3-rc1","libsemanage-2.3-rc1","libselinux-2.3-rc1","checkpolicy-2.3-rc1","policycoreutils-2.2.2","20131030_4","policycoreutils-2.2.1","20131030_3","sepolgen-1.2.1","20131030_2","sepolgen-1.2","policycoreutils-2.2","libsepol-2.2","libsemanage-2.2","libselinux-2.2","checkpolicy-2.2","20131030_1","20131030","20130423","20120924","20120216","20110727","20101221","20100525","20091123","20090731","20090403","20080909"],"database_specific":{"vanir_signatures":[{"source":"https://github.com/selinuxproject/selinux/commit/c49a8ea09501ad66e799ea41b8154b6770fec2c8","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["238834479780486971736228051238403053341","153800074891775518363529245327982065367","290747283680954031151721411311045337991","162766036174898142873097102429039450688"]},"signature_type":"Line","id":"CVE-2021-36086-06db8dc3","target":{"file":"libsepol/cil/src/cil_reset_ast.c"},"deprecated":false},{"source":"https://github.com/selinuxproject/selinux/commit/c49a8ea09501ad66e799ea41b8154b6770fec2c8","signature_version":"v1","digest":{"length":71,"function_hash":"76894657754915092398298838715200092986"},"signature_type":"Function","id":"CVE-2021-36086-a7f133bc","target":{"function":"cil_reset_classperms_set","file":"libsepol/cil/src/cil_reset_ast.c"},"deprecated":false}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-36086.json","vanir_signatures_modified":"2026-05-18T20:15:48Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}]}