oss-sec mailing list archives
Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets
From: Alex Murray <alex.murray () canonical com>
Date: Mon, 10 May 2021 16:22:20 +0930
On Mon, 2021-05-10 at 15:40:53 +0930, Salvatore Bonaccorso wrote:
Hi Alex, On Mon, May 10, 2021 at 03:28:02PM +0930, Alex Murray wrote:On Mon, 2021-05-10 at 13:54:43 +0930, Salvatore Bonaccorso wrote: > Hi,> > On Sun, Apr 18, 2021 at 11:41:06AM +0300, Or Cohen wrote:> > Hello,> > > > This is an announcement about CVE-2021-23133 which is a > > race-condition> > I found in Linux kernel sctp sockets (net/sctp/socket.c). It can > > lead to kernel > > privilege escalation from the context of a network service or from > > an unprivileged process if certain conditions are met.> > > > The bug was fixed on April 13, 2021:> > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b166a20b07382b8bc1dcee2a448715c9c2c81b5b> > It looks that additionally> https://git.kernel.org/linus/34e5b01186858b36c4d7c87e1a025071e8e2401f > refer to CVE-2021-23133. It seems b166a20b07382b8bc1dcee2a448715c9c2c81b5b got reverted in the follow-up commit https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/sctp/socket.c?id=01bfe5e8e428b475982a98a46cca5755726f3f7f and so 34e5b01186858b36c4d7c87e1a025071e8e2401f would appear to be the most correct fix from what I can tell.Ah right, I missed the revert of the original commit. Thanks for pointing that to me.
No worries - thanks for pointing out the new commit otherwise I wouldn't have gone investigating to find the revert ;)
Regards, Salvatore
Current thread:
- CVE-2021-23133: Linux kernel: race condition in sctp sockets Or Cohen (Apr 18)
- Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets Salvatore Bonaccorso (May 09)
- Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets Alex Murray (May 10)
- Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets Salvatore Bonaccorso (May 09)
- Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets Alex Murray (May 10)
- Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets Alex Murray (May 10)
- Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets Salvatore Bonaccorso (May 09)