CVE-2021-23133

{"id": "CVE-2021-23133", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.0, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.0}, {"type": "Secondary", "source": "psirt@paloaltonetworks.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}]}, "published": "2021-04-22T18:15:08.123", "references": [{"url": "http://www.openwall.com/lists/oss-security/2021/05/10/1", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "psirt@paloaltonetworks.com"}, {"url": "http://www.openwall.com/lists/oss-security/2021/05/10/2", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "psirt@paloaltonetworks.com"}, {"url": "http://www.openwall.com/lists/oss-security/2021/05/10/3", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "psirt@paloaltonetworks.com"}, {"url": "http://www.openwall.com/lists/oss-security/2021/05/10/4", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "psirt@paloaltonetworks.com"}, {"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b166a20b07382b8bc1dcee2a448715c9c2c81b5b", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "source": "psirt@paloaltonetworks.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html", "tags": ["Mitigation", "Third Party Advisory"], "source": "psirt@paloaltonetworks.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html", "tags": ["Mitigation", "Third Party Advisory"], "source": "psirt@paloaltonetworks.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CUX2CA63453G34C6KYVBLJXJXEARZI2X/", "source": "psirt@paloaltonetworks.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAEQ3H6HKNO6KUCGRZVYSFSAGEUX23JL/", "source": "psirt@paloaltonetworks.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XZASHZVCOFJ4VU2I3BN5W5EPHWJQ7QWX/", "source": "psirt@paloaltonetworks.com"}, {"url": "https://security.netapp.com/advisory/ntap-20210611-0008/", "tags": ["Third Party Advisory"], "source": "psirt@paloaltonetworks.com"}, {"url": "https://www.openwall.com/lists/oss-security/2021/04/18/2", "tags": ["Exploit", "Mailing List", "Patch", "Third Party Advisory"], "source": "psirt@paloaltonetworks.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-362"}]}, {"type": "Secondary", "source": "psirt@paloaltonetworks.com", "description": [{"lang": "en", "value": "CWE-362"}]}], "descriptions": [{"lang": "en", "value": "A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket."}, {"lang": "es", "value": "Una condici\u00f3n de carrera en los sockets SCTP del kernel de Linux (el archivo net/sctp/socket.c) versiones anteriores a 5.12-rc8, puede conllevar a una escalada de privilegios del kernel desde el contexto de un servicio de red o un proceso no privilegiado. Si la funci\u00f3n sctp_destroy_sock es llamado sin sock_net (sk) -) sctp.addr_wq_lock, un elemento es eliminado de la lista auto_asconf_splist sin ning\u00fan bloqueo apropiado. Esto puede ser explotado por un atacante con privilegios de servicio de red para escalar a root o desde el contexto de un usuario no privilegiado directamente si un BPF_CGROUP_INET_SOCK_CREATE es adjuntado que niega la creaci\u00f3n de alg\u00fan socket SCTP"}], "lastModified": "2023-11-07T03:30:47.290", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA37000C-4A14-43C9-85B7-38769DC96041", "versionEndExcluding": "4.14.232", "versionStartIncluding": "4.10"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DCCA659A-B6C8-4D6E-9598-364709A6D261", "versionEndExcluding": "4.19.189", "versionStartIncluding": "4.15"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "997A4C67-E4A2-4FCD-A826-F74DB7AD54CA", "versionEndExcluding": "5.4.114", "versionStartIncluding": "4.20"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7219CE54-2A13-423E-915D-1D30ADB4BE87", "versionEndExcluding": "5.10.32", "versionStartIncluding": "5.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73E1B19B-5CED-4857-9364-96E77B8A8EAC", "versionEndExcluding": "5.11.16", "versionStartIncluding": "5.11"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4"}, {"criteria": "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6D700C5-F67F-4FFB-BE69-D524592A3D2E"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:broadcom:brocade_fabric_operating_system:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "390BCCEF-BD91-426B-B89C-D9371A02FA9C"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "108A2215-50FB-4074-94CF-C130FA14566D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32F0B6C0-F930-480D-962B-3F4EFDCC13C7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "803BC414-B250-4E3A-A478-A3881340D6B8"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0FEB3337-BFDE-462A-908B-176F92053CEC"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "736AEAE9-782B-4F71-9893-DED53367E102"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB9B8171-F6CA-427D-81E0-6536D3BBFA8D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "090AA6F4-4404-4E26-82AB-C3A22636F276"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@paloaltonetworks.com"}