oss-sec mailing list archives

Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets


From: Alex Murray <alex.murray () canonical com>
Date: Mon, 10 May 2021 15:28:02 +0930


On Mon, 2021-05-10 at 13:54:43 +0930, Salvatore Bonaccorso wrote:

Hi,

On Sun, Apr 18, 2021 at 11:41:06AM +0300, Or Cohen wrote:
Hello,

This is an announcement about CVE-2021-23133 which is a race-condition
I found in Linux kernel sctp sockets (net/sctp/socket.c). It can lead to kernel
privilege escalation from the context of a network service or from
an unprivileged process if certain conditions are met.

The bug was fixed on April 13, 2021:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b166a20b07382b8bc1dcee2a448715c9c2c81b5b

It looks like additionally
https://git.kernel.org/linus/34e5b01186858b36c4d7c87e1a025071e8e2401f
refers to CVE-2021-23133.

It seems b166a20b07382b8bc1dcee2a448715c9c2c81b5b got reverted in the
follow-up commit
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/sctp/socket.c?id=01bfe5e8e428b475982a98a46cca5755726f3f7f
and so 34e5b01186858b36c4d7c87e1a025071e8e2401f would appear to be the
most correct fix from what I can tell.


Are both commits necessary?

Regards,
Salvatore

