Lucene search

K
cvelistPalo_altoCVELIST:CVE-2021-23133
HistoryApr 13, 2021 - 12:00 a.m.

CVE-2021-23133 Linux Kernel sctp_destroy_sock race condition

2021-04-1300:00:00
CWE-362
palo_alto
www.cve.org

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.3%

A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket.

CNA Affected

[
  {
    "product": "Linux Kernel",
    "vendor": "Linux Kernel",
    "versions": [
      {
        "lessThan": "5.12-rc8",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.3%