Vulnerability CVE-2021-23133: Information

Description

A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket.

Severity: HIGH (7.0)

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: MEDIUM (6.9)

Vector: CVSS:2.0/AV:L/AC:M/Au:N/C:C/I:C/A:C

URL: https://nvd.nist.gov/vuln/detail/CVE-2021-23133

Published: April 22, 2021

Modified: Nov. 21, 2024

Error type identifier: CWE-362

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
kernel-image-mp	sisyphus	5.11.16-alt1	6.11.8-alt1	ALT-PU-2021-1698-2	270482	Fixed
kernel-image-mp	p10	5.11.16-alt1	6.1.19-alt1	ALT-PU-2021-1698-2	270482	Fixed
kernel-image-mp	p9	5.11.16-alt1	5.12.16-alt1	ALT-PU-2021-1869-5	271829	Fixed
kernel-image-rpi-def	sisyphus	5.10.36-alt1	5.15.92-alt2	ALT-PU-2021-1862-2	272154	Fixed
kernel-image-rpi-def	p10	5.10.36-alt1	5.15.92-alt2	ALT-PU-2021-1862-2	272154	Fixed
kernel-image-rpi-def	p9	5.10.36-alt1	5.10.81-alt1	ALT-PU-2021-1866-2	272593	Fixed
kernel-image-rpi-un	sisyphus	5.10.35-alt1	6.12.86-alt1	ALT-PU-2021-1776-2	271376	Fixed
kernel-image-rpi-un	p11	5.10.35-alt1	6.12.79-alt1	ALT-PU-2021-1776-2	271376	Fixed
kernel-image-rpi-un	p10	5.10.35-alt1	6.6.56-alt1	ALT-PU-2021-1776-2	271376	Fixed
kernel-image-rpi-un	p9	5.12.6-alt1	5.12.17-alt1	ALT-PU-2021-1896-3	273084	Fixed
kernel-image-rt	sisyphus	4.19.189-alt1.rt78	6.12.87-alt1	ALT-PU-2021-1768-2	271271	Fixed
kernel-image-rt	p11	4.19.189-alt1.rt78	6.12.85-alt1	ALT-PU-2021-1768-2	271271	Fixed
kernel-image-rt	p10	4.19.189-alt1.rt78	5.10.255-alt1.rt151	ALT-PU-2021-1768-2	271271	Fixed
kernel-image-rt	p9	4.19.189-alt1.rt78	4.19.189-alt1.rt78	ALT-PU-2021-3430-2	287828	Fixed
kernel-image-rt	c9f2	4.19.199-alt1.rt86	4.19.199-alt2.rt86	ALT-PU-2021-2671-2	283461	Fixed
kernel-image-std-def	p10	5.10.32-alt1	5.10.253-alt1	ALT-PU-2021-1706-2	270544	Fixed
kernel-image-std-def	p9	5.4.111-alt2	5.4.302-alt1	ALT-PU-2021-5081-1	270768	Fixed
kernel-image-std-def	c9f2	5.10.32-alt0.c9f	5.10.250-alt0.c9f.2	ALT-PU-2021-1739-1	270353	Fixed
kernel-image-std-kvm	p10	5.10.32-alt1	5.10.42-alt1	ALT-PU-2021-1711-2	270643	Fixed
kernel-image-un-def	sisyphus_riscv64	5.19.16-alt2.rv64	6.6.96-alt1.0.port	ALT-PU-2022-6777-1	-	Fixed
kernel-image-un-def	p10	5.12.10-alt1	6.1.169-alt1	ALT-PU-2021-1990-2	274393	Fixed
kernel-image-un-def	p9	5.10.37-alt1	5.10.255-alt1	ALT-PU-2021-1855-2	271841	Fixed
kernel-image-xenomai	p10	4.19.192-alt1.cip50.18	4.19.252-alt1.cip78.23	ALT-PU-2021-5019-1	274410	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
http://www.openwall.com/lists/oss-security/2021/05/10/1	Mailing List Patch Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/05/10/2	Mailing List Patch Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/05/10/3	Mailing List Patch Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/05/10/4	Mailing List Patch Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b166a20b07382b8bc1dcee2a448715c9c2c81b5b	Mailing List Patch Vendor Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html	Mitigation Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html	Mitigation Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CUX2CA63453G34C6KYVBLJXJXEARZI2X/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PAEQ3H6HKNO6KUCGRZVYSFSAGEUX23JL/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XZASHZVCOFJ4VU2I3BN5W5EPHWJQ7QWX/
https://security.netapp.com/advisory/ntap-20210611-0008/	Third Party Advisory
https://www.openwall.com/lists/oss-security/2021/04/18/2	Exploit Mailing List Patch Third Party Advisory
BDU:2021-04855

Affected configurations:
1. cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  Start including
  4.10
  End excluding
  4.14.232
  cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  Start including
  4.15
  End excluding
  4.19.189
  cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  Start including
  4.20
  End excluding
  5.4.114
  cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  Start including
  5.5
  End excluding
  5.10.32
  cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  Start including
  5.11
  End excluding
  5.11.16
  cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
  cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
  cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
  cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
  cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:*
  cpe:2.3:o:broadcom:brocade_fabric_operating_system:-:*:*:*:*:*:*:*
  cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*
  cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
  cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
  cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
  cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*
  cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*
  cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*
  cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*
  cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*

Version: v26.2.2