CVE-2021-23133

CVSS V2 Medium 6.9 CVSS V3 High 7
Description
A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket.
Overview
  • CVE ID
  • CVE-2021-23133
  • Assigner
  • psirt@paloaltonetworks.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2021-04-22T18:15:08
  • Last Modified Date
  • 2022-10-07T02:56:54
Weakness Enumerations
CWE URL
CWE-362 http://cwe.mitre.org/data/definitions/362.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 1 OR 5.12
cpe:2.3:o:linux:linux_kernel:5.12:-:*:*:*:*:*:* 1 OR
cpe:2.3:o:linux:linux_kernel:5.12:rc1:*:*:*:*:*:* 1 OR
cpe:2.3:o:linux:linux_kernel:5.12:rc2:*:*:*:*:*:* 1 OR
cpe:2.3:o:linux:linux_kernel:5.12:rc3:*:*:*:*:*:* 1 OR
cpe:2.3:o:linux:linux_kernel:5.12:rc4:*:*:*:*:*:* 1 OR
cpe:2.3:o:linux:linux_kernel:5.12:rc5:*:*:*:*:*:* 1 OR
cpe:2.3:o:linux:linux_kernel:5.12:rc6:*:*:*:*:*:* 1 OR
cpe:2.3:o:linux:linux_kernel:5.12:rc7:*:*:*:*:*:* 1 OR
AND
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* 1 OR
AND
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* 1 OR
AND
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:* 1 OR
AND
cpe:2.3:o:broadcom:brocade_fabric_operating_system:-:*:*:*:*:*:*:* 1 OR
AND
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:* 0 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:L/AC:M/Au:N/C:C/I:C/A:C
  • Access Vector
  • LOCAL
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • COMPLETE
  • Integrity Impact
  • COMPLETE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 6.9
  • Severity
  • MEDIUM
  • Exploitability Score
  • 3.4
  • Impact Score
  • 10
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Attack Vector
  • LOCAL
  • Attack Compatibility
  • HIGH
  • Privileges Required
  • LOW
  • User Interaction
  • NONE
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • HIGH
  • Availability Impact
  • HIGH
  • Base Score
  • 7
  • Base Severity
  • HIGH
  • Exploitability Score
  • 1
  • Impact Score
  • 5.9
References
Reference URL Reference Tags
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b166a20b07382b8bc1dcee2a448715c9c2c81b5b Mailing List Patch Vendor Advisory
https://www.openwall.com/lists/oss-security/2021/04/18/2 Exploit Mailing List Patch Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PAEQ3H6HKNO6KUCGRZVYSFSAGEUX23JL/ Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CUX2CA63453G34C6KYVBLJXJXEARZI2X/ Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XZASHZVCOFJ4VU2I3BN5W5EPHWJQ7QWX/
http://www.openwall.com/lists/oss-security/2021/05/10/1
http://www.openwall.com/lists/oss-security/2021/05/10/2
http://www.openwall.com/lists/oss-security/2021/05/10/3
http://www.openwall.com/lists/oss-security/2021/05/10/4
https://security.netapp.com/advisory/ntap-20210611-0008/
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2021-23133
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23133
History
Created Old Value New Value Data Type Notes
2022-05-10 07:10:18 Added to TrackCVE
2022-12-06 02:16:26 2021-04-22T18:15Z 2021-04-22T18:15:08 CVE Published Date updated
2022-12-06 02:16:26 2022-10-07T02:56:54 CVE Modified Date updated
2022-12-06 02:16:26 Analyzed Vulnerability Status updated