CVE-2021-23133 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	No
Type	Privilege escalation
Description	A race condition was found in the Linux kernel before version 5.12.4 in sctp_destroy_sock. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock held and sp->do_auto_asconf is true, then an element is removed from the auto_asconf_splist without any proper locking. This can lead to kernel privilege escalation from the context of a network service or from an unprivileged process if certain conditions are met.

Group	Package	Affected	Fixed	Severity	Status
AVG-1961	linux-lts	5.10.36-2	5.10.37-1	Medium	Fixed
AVG-1960	linux-hardened	5.11.20.hardened1-2	5.11.21.hardened1-1	Medium	Fixed
AVG-1959	linux-zen	5.12.3.zen2-1	5.12.4.zen1-1	Medium	Fixed
AVG-1958	linux	5.12.3.arch2-1	5.12.4.arch1-1	Medium	Fixed

References
https://www.openwall.com/lists/oss-security/2021/04/18/2 https://www.openwall.com/lists/oss-security/2021/05/10/3 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.4&id=f7a805d1bb53c61d9539e5801af564958d1974d7 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.11.21&id=61ba899553de1930afd8a75b579606b4d8bbb489 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.37&id=42f1b8653f85924743ea5b57b051a4e1f05b5e43

References

https://www.openwall.com/lists/oss-security/2021/04/18/2
https://www.openwall.com/lists/oss-security/2021/05/10/3
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.4&id=f7a805d1bb53c61d9539e5801af564958d1974d7
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.11.21&id=61ba899553de1930afd8a75b579606b4d8bbb489
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.37&id=42f1b8653f85924743ea5b57b051a4e1f05b5e43