The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.
The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.
The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.
The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper). Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available.