CVE-2021-23133

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket.

References

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b166a20b07382b8bc1dcee2a448715c9c2c81b5b

https://www.openwall.com/lists/oss-security/2021/04/18/2

https://lists.fedoraproject.org/archives/list/[email protected]/message/PAEQ3H6HKNO6KUCGRZVYSFSAGEUX23JL/

https://lists.fedoraproject.org/archives/list/[email protected]/message/CUX2CA63453G34C6KYVBLJXJXEARZI2X/

https://lists.fedoraproject.org/archives/list/[email protected]/message/XZASHZVCOFJ4VU2I3BN5W5EPHWJQ7QWX/

http://www.openwall.com/lists/oss-security/2021/05/10/1

http://www.openwall.com/lists/oss-security/2021/05/10/2

http://www.openwall.com/lists/oss-security/2021/05/10/3

http://www.openwall.com/lists/oss-security/2021/05/10/4

https://security.netapp.com/advisory/ntap-20210611-0008/

https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html

https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html

Details

Source: MITRE

Published: 2021-04-22

Updated: 2021-06-23

Type: CWE-362

Risk Information

CVSS v2

Base Score: 6.9

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.4

Severity: MEDIUM

CVSS v3

Base Score: 7

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1

Severity: HIGH

Tenable Plugins

View all (49 total)

IDNameProductFamilySeverity
155425Oracle Linux 8 : kernel (ELSA-2021-4356)NessusOracle Linux Local Security Checks
high
155219RHEL 8 : kernel (RHSA-2021:4356)NessusRed Hat Local Security Checks
high
155172RHEL 8 : kernel-rt (RHSA-2021:4140)NessusRed Hat Local Security Checks
high
155145CentOS 8 : kernel (CESA-2021:4356)NessusCentOS Local Security Checks
high
155070CentOS 8 : kernel-rt (CESA-2021:4140)NessusCentOS Local Security Checks
high
153131Ubuntu 20.04 LTS : Linux kernel (KVM) vulnerabilities (USN-5000-2)NessusUbuntu Local Security Checks
high
153127Ubuntu 21.04 : Linux kernel (KVM) vulnerabilities (USN-4997-2)NessusUbuntu Local Security Checks
medium
152167SUSE SLES15 Security Update : kernel (Live Patch 15 for SLE 15 SP2) (SUSE-SU-2021:2577-1)NessusSuSE Local Security Checks
high
152062SUSE SLES12 Security Update : kernel (Live Patch 17 for SLE 12 SP5) (SUSE-SU-2021:2460-1)NessusSuSE Local Security Checks
high
152048SUSE SLES12 Security Update : kernel (Live Patch 13 for SLE 12 SP5) (SUSE-SU-2021:2453-1)NessusSuSE Local Security Checks
high
151986SUSE SLES15 Security Update : kernel (SUSE-SU-2021:2421-1)NessusSuSE Local Security Checks
high
151804SUSE SLES15 Security Update : kernel (Live Patch 0 for SLE 15 SP2) (SUSE-SU-2021:2377-1)NessusSuSE Local Security Checks
high
151802SUSE SLES15 Security Update : kernel (Live Patch 0 for SLE 15 SP3) (SUSE-SU-2021:2384-1)NessusSuSE Local Security Checks
high
151801SUSE SLES15 Security Update : kernel (Live Patch 7 for SLE 15 SP2) (SUSE-SU-2021:2387-1)NessusSuSE Local Security Checks
high
151763SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 11 for SLE 15 SP2) (SUSE-SU-2021:2366-1)NessusSuSE Local Security Checks
high
151761SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 15 for SLE 12 SP4) (SUSE-SU-2021:2367-1)NessusSuSE Local Security Checks
high
151757SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 11 for SLE 12 SP5) (SUSE-SU-2021:2361-1)NessusSuSE Local Security Checks
high
151690Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2021-9362)NessusOracle Linux Local Security Checks
high
151689Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2021-9363)NessusOracle Linux Local Security Checks
high
151659SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 16 for SLE 12 SP5) (SUSE-SU-2021:2332-1)NessusSuSE Local Security Checks
high
151657SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 14 for SLE 15 SP1) (SUSE-SU-2021:2344-1)NessusSuSE Local Security Checks
high
151529Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2021-9351)NessusOracle Linux Local Security Checks
high
151506Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2021-9349)NessusOracle Linux Local Security Checks
high
151307EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2021-2075)NessusHuawei Local Security Checks
high
151240EulerOS 2.0 SP9 : kernel (EulerOS-SA-2021-2062)NessusHuawei Local Security Checks
high
151238EulerOS 2.0 SP9 : kernel (EulerOS-SA-2021-2051)NessusHuawei Local Security Checks
high
151042EulerOS 2.0 SP8 : kernel (EulerOS-SA-2021-1983)NessusHuawei Local Security Checks
high
150985Debian DLA-2689-1 : linux security updateNessusDebian Local Security Checks
high
150984Debian DLA-2690-1 : linux-4.19 security updateNessusDebian Local Security Checks
high
150957Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5000-1)NessusUbuntu Local Security Checks
high
150955Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5001-1)NessusUbuntu Local Security Checks
medium
150954Ubuntu 20.04 LTS / 20.10 : Linux kernel vulnerabilities (USN-4999-1)NessusUbuntu Local Security Checks
high
150953Ubuntu 21.04 : Linux kernel vulnerabilities (USN-4997-1)NessusUbuntu Local Security Checks
medium
150952Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-5003-1)NessusUbuntu Local Security Checks
high
150783Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2021-9307)NessusOracle Linux Local Security Checks
high
150778Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2021-9306)NessusOracle Linux Local Security Checks
high
150687SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1899-1)NessusSuSE Local Security Checks
high
150472SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2021:1913-1)NessusSuSE Local Security Checks
high
150470SUSE SLES15 Security Update : kernel (SUSE-SU-2021:1912-1)NessusSuSE Local Security Checks
high
150413SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1887-1)NessusSuSE Local Security Checks
high
150396SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1891-1)NessusSuSE Local Security Checks
high
150271EulerOS Virtualization 2.9.1 : kernel (EulerOS-SA-2021-1967)NessusHuawei Local Security Checks
high
150253EulerOS Virtualization 2.9.0 : kernel (EulerOS-SA-2021-1971)NessusHuawei Local Security Checks
high
149872Amazon Linux AMI : kernel (ALAS-2021-1503)NessusAmazon Linux Local Security Checks
high
149870Amazon Linux 2 : kernel (ALAS-2021-1636)NessusAmazon Linux Local Security Checks
high
149833Photon OS 3.0: Linux PHSA-2021-3.0-0237NessusPhotonOS Local Security Checks
high
149824Photon OS 4.0: Linux PHSA-2021-4.0-0029NessusPhotonOS Local Security Checks
high
149053Photon OS 4.0: Linux PHSA-2021-4.0-0013NessusPhotonOS Local Security Checks
high
149052Photon OS 3.0: Linux PHSA-2021-3.0-0224NessusPhotonOS Local Security Checks
high