A vulnerability was found in the Linux kernel where an unprivileged local user can panic the system and create a denial of service by calling setsockopt(2) with specially crafted arguments.
This flaw was fixed in kernel-4.18.0-356.el8 and newer by commit 23a1bbe06fb43.
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2050038]
Initial checks of Fedora's kernels in 35 show that this is already fixed, but I'll let the Fedora sec team make that call.
This was fixed for Fedora with the 5.14.14 stable kernel updates.
What is the upstream fix for this issue?
The bug here depends on #2020393 and for kernel-4.18.0-356.el8:
- sctp: fix transport encap_port update in sctp_vtag_verify (Xin Long) [2020393]
- sctp: account stream padding length for reconf chunk (Xin Long) [2020393]
- sctp: break out if skb_header_pointer returns NULL in sctp_rcv_ootb (Xin Long) [2020393]
but unfortunately https://git.centos.org/rpms/kernel/c/23a1bbe06fb43 would not exist. Is it then https://git.kernel.org/linus/a2d859e3fc97e79d907761550dbc03ff1b36479c ?
In addition to this question, in case the fix is the correct one, are CVE-2021-3894 and CVE-2022-0322 then duplicates?
G'day Carnil, they very well might be duplicates. Your upstream link looks like the correct fix. I'm going to set the needinfo on Rohit as I am no longer doing flaw analysis, sorry for the delay in updates. Thanks.
Hello Carnil and Wade, thank you for reporting this to us. You are right, CVE-2021-3894 is a duplicate of CVE-2022-0322, and we are going to reject CVE-2021-3894.
*** This bug has been marked as a duplicate of bug 2042822 ***