CVE-2021-23133

CVSS v3.1 7 (High)

CVSS v2.0 6.9 (Medium)

EPSS 0.08 % (34^th)

Affected Products 24

Advisories 40

A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket.

Weaknesses

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVE Status: PUBLISHED
CNA: Palo Alto Networks, Inc.
Published Date: 2021-04-22 18:15:08
(3 years ago)
Updated Date: 2023-11-07 03:30:47
(10 months ago)

Affected Products

Netapp

Configuration #1

	CPE23	From	Up To
Linux Kernel from 4.10 version and prior 4.14.232 version	cpe:2.3:o:linux:linux_kernel	>= 4.10	< 4.14.232
Linux Kernel from 4.15 version and prior 4.19.189 version	cpe:2.3:o:linux:linux_kernel	>= 4.15	< 4.19.189
Linux Kernel from 4.20 version and prior 5.4.114 version	cpe:2.3:o:linux:linux_kernel	>= 4.20	< 5.4.114
Linux Kernel from 5.5 version and prior 5.10.32 version	cpe:2.3:o:linux:linux_kernel	>= 5.5	< 5.10.32
Linux Kernel from 5.11 version and prior 5.11.16 version	cpe:2.3:o:linux:linux_kernel	>= 5.11	< 5.11.16

Configuration #2

		CPE23	From	Up To
	Fedoraproject Fedora 32	cpe:2.3:o:fedoraproject:fedora:32
	Fedoraproject Fedora 33	cpe:2.3:o:fedoraproject:fedora:33
	Fedoraproject Fedora 34	cpe:2.3:o:fedoraproject:fedora:34

Configuration #3

		CPE23	From	Up To
	Debian Linux 9.0	cpe:2.3:o:debian:debian_linux:9.0

Configuration #4

		CPE23	From	Up To
	Netapp Cloud Backup	cpe:2.3:a:netapp:cloud_backup:-
	Netapp Solidfire & Hci Management Node	cpe:2.3:a:netapp:solidfire_\%26_hci_management_node:-

Configuration #5

		CPE23	From	Up To
	Broadcom Brocade Fabric Operating System	cpe:2.3:o:broadcom:brocade_fabric_operating_system:-

Configuration #6

AND

		CPE23
OR
	Netapp H410c Firmware	cpe:2.3:o:netapp:h410c_firmware:-
OR
	Running on/with
	Netapp H410c	cpe:2.3:h:netapp:h410c:-

Configuration #7

AND

		CPE23
OR
	Netapp H300s Firmware	cpe:2.3:o:netapp:h300s_firmware:-
OR
	Running on/with
	Netapp H300s	cpe:2.3:h:netapp:h300s:-

Configuration #8

AND

		CPE23
OR
	Netapp H500s Firmware	cpe:2.3:o:netapp:h500s_firmware:-
OR
	Running on/with
	Netapp H500s	cpe:2.3:h:netapp:h500s:-

Configuration #9

AND

		CPE23
OR
	Netapp H700s Firmware	cpe:2.3:o:netapp:h700s_firmware:-
OR
	Running on/with
	Netapp H700s	cpe:2.3:h:netapp:h700s:-

Configuration #10

AND

		CPE23
OR
	Netapp H300e Firmware	cpe:2.3:o:netapp:h300e_firmware:-
OR
	Running on/with
	Netapp H300e	cpe:2.3:h:netapp:h300e:-

Configuration #11

AND

		CPE23
OR
	Netapp H500e Firmware	cpe:2.3:o:netapp:h500e_firmware:-
OR
	Running on/with
	Netapp H500e	cpe:2.3:h:netapp:h500e:-

Configuration #12

AND

		CPE23
OR
	Netapp H700e Firmware	cpe:2.3:o:netapp:h700e_firmware:-
OR
	Running on/with
	Netapp H700e	cpe:2.3:h:netapp:h700e:-

Configuration #13

AND

		CPE23
OR
	Netapp H410s Firmware	cpe:2.3:o:netapp:h410s_firmware:-
OR
	Running on/with
	Netapp H410s	cpe:2.3:h:netapp:h410s:-

Configuration #14

AND

		CPE23
OR
	Netapp Solidfire Baseboard Management Controller Firmware	cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-
OR
	Running on/with
	Netapp Solidfire Baseboard Management Controller	cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-