Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-23133

A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket.

Published

2021-04-22T18:15:08.123

Last Modified

2024-11-21T05:51:16.080

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.7 (MEDIUM)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.4

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-362
Type: Primary
CWE-362

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	linux	linux_kernel	< 4.14.232	Yes
Operating System	linux	linux_kernel	< 4.19.189	Yes
Operating System	linux	linux_kernel	< 5.4.114	Yes
Operating System	linux	linux_kernel	< 5.10.32	Yes
Operating System	linux	linux_kernel	< 5.11.16	Yes
Operating System	fedoraproject	fedora	32	Yes
Operating System	fedoraproject	fedora	33	Yes
Operating System	fedoraproject	fedora	34	Yes
Operating System	debian	debian_linux	9.0	Yes
Application	netapp	cloud_backup	-	Yes
Application	netapp	solidfire_\&_hci_management_node	-	Yes
Operating System	broadcom	brocade_fabric_operating_system	-	Yes
Operating System	netapp	h410c_firmware	-	Yes
Hardware	netapp	h410c	-	No
Operating System	netapp	h300s_firmware	-	Yes
Hardware	netapp	h300s	-	No
Operating System	netapp	h500s_firmware	-	Yes
Hardware	netapp	h500s	-	No
Operating System	netapp	h700s_firmware	-	Yes
Hardware	netapp	h700s	-	No
Operating System	netapp	h300e_firmware	-	Yes
Hardware	netapp	h300e	-	No
Operating System	netapp	h500e_firmware	-	Yes
Hardware	netapp	h500e	-	No
Operating System	netapp	h700e_firmware	-	Yes
Hardware	netapp	h700e	-	No
Operating System	netapp	h410s_firmware	-	Yes
Hardware	netapp	h410s	-	No
Operating System	netapp	solidfire_baseboard_management_controller_firmware	-	Yes
Hardware	netapp	solidfire_baseboard_management_controller	-	No

References

http://www.openwall.com/lists/oss-security/2021/05/10/1 Mailing List, Patch, Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2021/05/10/2 Mailing List, Patch, Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2021/05/10/3 Mailing List, Patch, Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2021/05/10/4 Mailing List, Patch, Third Party Advisory ([email protected])
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b166a20b07382b8bc1dcee2a448715c9c2c81b5b Mailing List, Patch, Vendor Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html Mitigation, Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html Mitigation, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CUX2CA63453G34C6KYVBLJXJXEARZI2X/ ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAEQ3H6HKNO6KUCGRZVYSFSAGEUX23JL/ ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XZASHZVCOFJ4VU2I3BN5W5EPHWJQ7QWX/ ([email protected])
https://security.netapp.com/advisory/ntap-20210611-0008/ Third Party Advisory ([email protected])
https://www.openwall.com/lists/oss-security/2021/04/18/2 Exploit, Mailing List, Patch, Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2021/05/10/1 Mailing List, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2021/05/10/2 Mailing List, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2021/05/10/3 Mailing List, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2021/05/10/4 Mailing List, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b166a20b07382b8bc1dcee2a448715c9c2c81b5b Mailing List, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html Mitigation, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html Mitigation, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CUX2CA63453G34C6KYVBLJXJXEARZI2X/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAEQ3H6HKNO6KUCGRZVYSFSAGEUX23JL/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XZASHZVCOFJ4VU2I3BN5W5EPHWJQ7QWX/ (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20210611-0008/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.openwall.com/lists/oss-security/2021/04/18/2 Exploit, Mailing List, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)