A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. Additional information: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=32f8807a48ae55be0e76880cfe8607a18b5bb0df
At this time I don't see any upstream patches.
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2002157]
At this time a patch is being developed and I don't know the upstream patch details or link; if someone drops it in here, I can put it in comment #0. Thanks.
While going through some CVEs related to the Linux kernel I stumbled over CVE-2021-3772. Are the patches upstream? Is https://git.kernel.org/linus/a2d859e3fc97e79d907761550dbc03ff1b36479c related to this issue?
I don't think it is.
In the meanwhile, in mainline the following appeared: https://git.kernel.org/linus/32f8807a48ae55be0e76880cfe8607a18b5bb0df
I believe Carnil is correct. It appears that patchset solves the issue.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:1975 https://access.redhat.com/errata/RHSA-2022:1975
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:1988 https://access.redhat.com/errata/RHSA-2022:1988
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-3772