Lucene search

[email protected]NVD:CVE-2021-23133

HistoryApr 22, 2021 - 6:15 p.m.

CVE-2021-23133

2021-04-2218:15:08

CWE-362

[email protected]

web.nvd.nist.gov

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

33.3%

JSON

A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket.

Affected configurations

NVD

Node

linuxlinux_kernelRange4.10–4.14.232

linuxlinux_kernelRange4.15–4.19.189

linuxlinux_kernelRange4.20–5.4.114

linuxlinux_kernelRange5.5–5.10.32

linuxlinux_kernelRange5.11–5.11.16

Node

fedoraprojectfedoraMatch32

fedoraprojectfedoraMatch33

fedoraprojectfedoraMatch34

Node

debiandebian_linuxMatch9.0

Node

netappcloud_backupMatch-

netappsolidfire_\&_hci_management_nodeMatch-

Node

broadcombrocade_fabric_operating_systemMatch-

Node

netapph410cMatch-

AND

netapph410c_firmwareMatch-

Node

netapph300sMatch-

AND

netapph300s_firmwareMatch-

Node

netapph500sMatch-

AND

netapph500s_firmwareMatch-

Node

netapph700sMatch-

AND

netapph700s_firmwareMatch-

Node

netapph300eMatch-

AND

netapph300e_firmwareMatch-

Node

netapph500eMatch-

AND

netapph500e_firmwareMatch-

Node

netapph700eMatch-

AND

netapph700e_firmwareMatch-

Node

netapph410s_firmwareMatch-

AND

netapph410sMatch-

Node

netappsolidfire_baseboard_management_controller_firmwareMatch-

AND

netappsolidfire_baseboard_management_controllerMatch-

References

www.openwall.com/lists/oss-security/2021/05/10/1

www.openwall.com/lists/oss-security/2021/05/10/2

www.openwall.com/lists/oss-security/2021/05/10/3

www.openwall.com/lists/oss-security/2021/05/10/4

git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b166a20b07382b8bc1dcee2a448715c9c2c81b5b

lists.debian.org/debian-lts-announce/2021/06/msg00019.html

lists.debian.org/debian-lts-announce/2021/06/msg00020.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CUX2CA63453G34C6KYVBLJXJXEARZI2X/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAEQ3H6HKNO6KUCGRZVYSFSAGEUX23JL/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XZASHZVCOFJ4VU2I3BN5W5EPHWJQ7QWX/

security.netapp.com/advisory/ntap-20210611-0008/

www.openwall.com/lists/oss-security/2021/04/18/2

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

33.3%

JSON

Related for NVD:CVE-2021-23133

veracode1 cbl_mariner2 nessus58 redhatcve1 ubuntucve1 prion1 cvelist1 photon4 f51 cve1 debiancve1 fedora9 mageia4 openvas33 osv8 ubuntu7 oraclelinux7 amazon3 cloudfoundry1 debian2 almalinux1 redos1 redhat4