CVE-2021-23133 log
Source |
|
Severity | Medium |
Remote | No |
Type | Privilege escalation |
Description | A race condition was found in the Linux kernel before version 5.12.4 in sctp_destroy_sock. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock held and sp->do_auto_asconf is true, then an element is removed from the auto_asconf_splist without any proper locking. This can lead to kernel privilege escalation from the context of a network service or from an unprivileged process if certain conditions are met. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-1961 | linux-lts | 5.10.36-2 | 5.10.37-1 | Medium | Fixed | |
AVG-1960 | linux-hardened | 5.11.20.hardened1-2 | 5.11.21.hardened1-1 | Medium | Fixed | |
AVG-1959 | linux-zen | 5.12.3.zen2-1 | 5.12.4.zen1-1 | Medium | Fixed | |
AVG-1958 | linux | 5.12.3.arch2-1 | 5.12.4.arch1-1 | Medium | Fixed |