CVE-2021-23133
MEDIUMLinux kernel SCTP sockets <5.12-rc8 - Privilege Escalation
Title source: llmDescription
A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket.
References (12)
Core 12
Core References
Exploit, Mailing List, Patch, Third Party Advisory x_refsource_misc
https://www.openwall.com/lists/oss-security/2021/04/18/2
Mailing List, Patch, Vendor Advisory x_refsource_misc
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b166a20b07382b8bc1dcee2a448715c9c2c81b5b
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAEQ3H6HKNO6KUCGRZVYSFSAGEUX23JL/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CUX2CA63453G34C6KYVBLJXJXEARZI2X/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XZASHZVCOFJ4VU2I3BN5W5EPHWJQ7QWX/
Mailing List, Patch, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2021/05/10/1
Mailing List, Patch, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2021/05/10/2
Mailing List, Patch, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2021/05/10/4
Mailing List, Patch, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2021/05/10/3
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20210611-0008/
Mitigation, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
Mitigation, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
Scores
CVSS v3
6.7
EPSS
0.0009
EPSS Percentile
25.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-362
Status
published
Products (17)
broadcom/brocade_fabric_operating_system
debian/debian_linux
9.0
fedoraproject/fedora
32
fedoraproject/fedora
33
fedoraproject/fedora
34
linux/linux_kernel
4.10 - 4.14.232
netapp/cloud_backup
netapp/h300e_firmware
netapp/h300s_firmware
netapp/h410c_firmware
... and 7 more
Published
Apr 22, 2021
Tracked Since
Feb 18, 2026