oss-sec mailing list archives
Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets
From: Salvatore Bonaccorso <carnil () debian org>
Date: Mon, 10 May 2021 06:24:43 +0200
Hi,

On Sun, Apr 18, 2021 at 11:41:06AM +0300, Or Cohen wrote:
> Hello,
>
> This is an announcement about CVE-2021-23133, which is a race condition I found in Linux kernel sctp sockets (net/sctp/socket.c). It can lead to kernel privilege escalation from the context of a network service or from an unprivileged process if certain conditions are met.
>
> The bug was fixed on April 13, 2021:
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b166a20b07382b8bc1dcee2a448715c9c2c81b5b

It looks like https://git.kernel.org/linus/34e5b01186858b36c4d7c87e1a025071e8e2401f additionally refers to CVE-2021-23133. Are both commits necessary?

Regards,
Salvatore

Current thread:
- CVE-2021-23133: Linux kernel: race condition in sctp sockets Or Cohen (Apr 18)
- Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets Salvatore Bonaccorso (May 09)
- Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets Alex Murray (May 10)