Bug 1948772 (CVE-2021-23133) - CVE-2021-23133 kernel: Race condition in sctp_destroy_sock list_del
Summary: CVE-2021-23133 kernel: Race condition in sctp_destroy_sock list_del
Keywords:
Status: NEW
Alias: CVE-2021-23133
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1951914 1951915 1951916 1951917 1952019 1952020 1952021 1952022 1952212 1951582 1952018
Blocks: 1948773
TreeView+ depends on / blocked
 
Reported: 2021-04-12 21:16 UTC by Pedro Sampaio
Modified: 2021-06-03 11:55 UTC (History)
47 users (show)

Fixed In Version: Kernel 5.12
Doc Type: If docs needed, set a value
Doc Text:
A use-after-free flaw was found in the Linux kernel's SCTP socket functionality that triggers a race condition. This flaw allows a local user to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)

Description Pedro Sampaio 2021-04-12 21:16:59 UTC
A use-after-free flaw was found in the Linux kernel's SCTP socket functionality that triggers a race condition. This flaw allows a local user to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.


External References:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b166a20b07382b8bc1dcee2a448715c9c2c81b5b

Comment 2 Alex 2021-04-20 13:57:44 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1951582]

Comment 7 RaTasha Tillery-Smith 2021-04-21 13:52:21 UTC
Statement:

This issue is rated as having a Moderate impact because of the privileges required for running the known reproducer. The required privileges are CAP_BPF and CAP_NET_ADMIN capabilities that are disabled by default in Red Hat Enterprise Linux 7. For Red Hat Enterprise Linux 8, the SCTP protocol itself is disabled by default and cannot be used by a user without enablement by an administrator.

Comment 9 Alex 2021-04-21 18:44:36 UTC
Mitigation:

To mitigate this issue, prevent the module sctp from being loaded (and this is so by default for Red Hat Enterprise Linux 8). Please see https://access.redhat.com/solutions/41278 for information on how to blacklist a kernel module to prevent it from loading automatically.

Comment 10 Alex 2021-04-21 18:46:02 UTC
Acknowledgments:

Name: Or Cohen (Palo Alto Networks)


Note You need to log in before you can comment on or make changes to this bug.