A use-after-free flaw was found in the Linux kernel's SCTP socket functionality that triggers a race condition. This flaw allows a local user to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. External References: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b166a20b07382b8bc1dcee2a448715c9c2c81b5b
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1951582]
Statement: This issue is rated as having a Moderate impact because of the privileges required for running the known reproducer. The required privileges are CAP_BPF and CAP_NET_ADMIN capabilities that are disabled by default in Red Hat Enterprise Linux 7. For Red Hat Enterprise Linux 8, the SCTP protocol itself is disabled by default and cannot be used by a user without enablement by an administrator.
External References: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b166a20b07382b8bc1dcee2a448715c9c2c81b5b
Mitigation: To mitigate this issue, prevent the module sctp from being loaded (and this is so by default for Red Hat Enterprise Linux 8). Please see https://access.redhat.com/solutions/41278 for information on how to blacklist a kernel module to prevent it from loading automatically.
Acknowledgments: Name: Or Cohen (Palo Alto Networks)
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:4140 https://access.redhat.com/errata/RHSA-2021:4140
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:4356 https://access.redhat.com/errata/RHSA-2021:4356
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-23133