Bug 2014970 (CVE-2021-3894) - CVE-2021-3894 kernel: sctp: local DoS: unprivileged user can cause BUG()
Summary: CVE-2021-3894 kernel: sctp: local DoS: unprivileged user can cause BUG()
Keywords:
Status: CLOSED DUPLICATE of bug 2042822
Alias: CVE-2021-3894
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2016890 2016891 2020393 2050038
Blocks: 2014939
Reported: 2021-10-18 06:56 UTC by Dhananjay Arunesh
Modified: 2022-03-02 14:21 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in the Linux kernel. This flaw allows an unprivileged local user to panic the system, resulting in a denial of service by calling setsockopt(2) with specially crafted arguments. The highest threat from this vulnerability is to system availability.
Clone Of:
Environment:
Last Closed: 2022-03-02 14:20:16 UTC
Embargoed:



Description Dhananjay Arunesh 2021-10-18 06:56:06 UTC
A vulnerability was found in the Linux kernel where an unprivileged local user can panic the system and create a denial of service by calling setsockopt(2) with specially crafted arguments.

Comment 9 Wade Mealing 2022-02-03 04:38:36 UTC
This flaw was fixed in kernel-4.18.0-356.el8 and newer by commit 23a1bbe06fb43.

Comment 10 Wade Mealing 2022-02-03 05:07:46 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2050038]

Comment 11 Wade Mealing 2022-02-03 05:22:36 UTC
Initial checks of Fedora's kernels in 35 show that this is already fixed, but I'll let the Fedora sec team make that call.

Comment 12 Justin M. Forbes 2022-02-03 23:10:34 UTC
This was fixed for Fedora with the 5.14.14 stable kernel updates.

Comment 13 Salvatore Bonaccorso 2022-02-04 04:56:55 UTC
What is the upstream fix for this issue?

Comment 14 Salvatore Bonaccorso 2022-02-04 05:09:42 UTC
The bug here depends on #2020393 and for kernel-4.18.0-356.el8

- sctp: fix transport encap_port update in sctp_vtag_verify (Xin Long) [2020393]
- sctp: account stream padding length for reconf chunk (Xin Long) [2020393]
- sctp: break out if skb_header_pointer returns NULL in sctp_rcv_ootb (Xin Long) [2020393]

but unfortunately https://git.centos.org/rpms/kernel/c/23a1bbe06fb43 would not exist.

Is it then https://git.kernel.org/linus/a2d859e3fc97e79d907761550dbc03ff1b36479c ?

Comment 15 Salvatore Bonaccorso 2022-02-13 15:15:07 UTC
Additionally to this question, in case the fix is the correct one, are then CVE-2021-3894 and CVE-2022-0322 duplicates?

Comment 16 Wade Mealing 2022-02-22 04:02:14 UTC
G'day Carnil, they very well might be duplicates. Your upstream link looks like the correct fix.

I'm going to set the needinfo on Rohit as I am no longer doing flaw analysis, sorry for the delay in updates.

Thanks.

Comment 17 Rohit Keshri 2022-03-02 14:19:13 UTC
Hello Carnil and Wade, thank you for reporting this to us. You are right: CVE-2021-3894 is a duplicate of CVE-2022-0322, and we are going to reject CVE-2021-3894.

Comment 18 Rohit Keshri 2022-03-02 14:21:20 UTC

*** This bug has been marked as a duplicate of bug 2042822 ***

