{"api_version":"1","generated_at":"2026-04-22T23:31:29+00:00","cve":"CVE-2021-23133","urls":{"html":"https://cve.report/CVE-2021-23133","api":"https://cve.report/api/cve/CVE-2021-23133.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-23133","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-23133"},"summary":{"title":"CVE-2021-23133","description":"A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket.","state":"PUBLIC","assigner":"psirt@paloaltonetworks.com","published_at":"2021-04-22 18:15:00","updated_at":"2023-11-07 03:30:00"},"problem_types":["CWE-362"],"metrics":[],"references":[{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CUX2CA63453G34C6KYVBLJXJXEARZI2X/","name":"FEDORA-2021-e6b4847979","refsource":"","tags":[],"title":"[SECURITY] Fedora 33 Update: kernel-5.11.16-200.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XZASHZVCOFJ4VU2I3BN5W5EPHWJQ7QWX/","name":"FEDORA-2021-a963f04012","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 34 Update: kernel-5.11.16-300.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XZASHZVCOFJ4VU2I3BN5W5EPHWJQ7QWX/","name":"FEDORA-2021-a963f04012","refsource":"","tags":[],"title":"[SECURITY] Fedora 34 Update: kernel-5.11.16-300.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html","name":"[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 2689-1] linux security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CUX2CA63453G34C6KYVBLJXJXEARZI2X/","name":"FEDORA-2021-e6b4847979","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 33 Update: kernel-5.11.16-200.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PAEQ3H6HKNO6KUCGRZVYSFSAGEUX23JL/","name":"FEDORA-2021-8cd093f639","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 32 Update: kernel-5.11.16-100.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html","name":"[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 2690-1] linux-4.19 security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.netapp.com/advisory/ntap-20210611-0008/","name":"https://security.netapp.com/advisory/ntap-20210611-0008/","refsource":"CONFIRM","tags":[],"title":"CVE-2021-23133 Linux Kernel Vulnerability in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.openwall.com/lists/oss-security/2021/05/10/2","name":"[oss-security] 20210510 Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets","refsource":"MLIST","tags":[],"title":"oss-security - Re: CVE-2021-23133: Linux kernel: race condition in\n sctp sockets","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b166a20b07382b8bc1dcee2a448715c9c2c81b5b","name":"N/A","refsource":"CONFIRM","tags":[],"title":"kernel/git/torvalds/linux.git - Linux kernel source tree","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.openwall.com/lists/oss-security/2021/05/10/4","name":"[oss-security] 20210510 Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets","refsource":"MLIST","tags":[],"title":"oss-security - Re: CVE-2021-23133: Linux kernel: race condition in\n sctp sockets","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAEQ3H6HKNO6KUCGRZVYSFSAGEUX23JL/","name":"FEDORA-2021-8cd093f639","refsource":"","tags":[],"title":"[SECURITY] Fedora 32 Update: kernel-5.11.16-100.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2021/05/10/1","name":"[oss-security] 20210510 Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets","refsource":"MLIST","tags":[],"title":"oss-security - Re: CVE-2021-23133: Linux kernel: race condition in\n sctp sockets","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.openwall.com/lists/oss-security/2021/04/18/2","name":"N/A","refsource":"CONFIRM","tags":[],"title":"oss-security - CVE-2021-23133: Linux kernel: race condition in sctp sockets","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2021/05/10/3","name":"[oss-security] 20210510 Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets","refsource":"MLIST","tags":[],"title":"oss-security - Re: CVE-2021-23133: Linux kernel: race condition in\n sctp sockets","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-23133","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23133","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"LEGACY","value":"Or Cohen from Palo Alto Networks","lang":""}],"nvd_cpes":[{"cve_year":"2021","cve_id":"23133","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"broadcom","cpe5":"brocade_fabric_operating_system","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23133","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23133","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"32","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23133","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"33","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23133","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"34","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23133","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23133","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"5.12","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23133","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"5.12","cpe7":"rc1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23133","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"5.12","cpe7":"rc2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23133","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"5.12","cpe7":"rc3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23133","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"5.12","cpe7":"rc4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23133","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"5.12","cpe7":"rc5","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23133","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"5.12","cpe7":"rc6","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23133","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"5.12","cpe7":"rc7","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23133","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"cloud_backup","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23133","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h300e","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23133","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h300e_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23133","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h300s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23133","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h300s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23133","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h410c","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23133","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h410c_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23133","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h410s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23133","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h410s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23133","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h500e","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23133","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h500e_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23133","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h500s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23133","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h500s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23133","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h700e","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23133","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h700e_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23133","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h700s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23133","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h700s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23133","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"solidfire_baseboard_management_controller","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23133","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"solidfire_baseboard_management_controller_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23133","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"solidfire_\\&_hci_management_node","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-23133","qid":"159277","title":"Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2021-9306)"},{"cve":"CVE-2021-23133","qid":"159278","title":"Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel-container (ELSA-2021-9307)"},{"cve":"CVE-2021-23133","qid":"159304","title":"Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2021-9349)"},{"cve":"CVE-2021-23133","qid":"159305","title":"Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel-container (ELSA-2021-9351)"},{"cve":"CVE-2021-23133","qid":"159306","title":"Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2021-9362)"},{"cve":"CVE-2021-23133","qid":"159307","title":"Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel-container (ELSA-2021-9363)"},{"cve":"CVE-2021-23133","qid":"159492","title":"Oracle Enterprise Linux Security Update for kernel (ELSA-2021-4356)"},{"cve":"CVE-2021-23133","qid":"178679","title":"Debian Security Update for linux-4.19 (DLA 2690-1)"},{"cve":"CVE-2021-23133","qid":"178680","title":"Debian Security Update for linux (DLA 2689-1)"},{"cve":"CVE-2021-23133","qid":"179939","title":"Debian Security Update for linux (CVE-2021-23133)"},{"cve":"CVE-2021-23133","qid":"198416","title":"Ubuntu Security Notification for Linux kernel vulnerabilities (USN-4997-1)"},{"cve":"CVE-2021-23133","qid":"198417","title":"Ubuntu Security Notification for Linux kernel vulnerabilities (USN-4999-1)"},{"cve":"CVE-2021-23133","qid":"198418","title":"Ubuntu Security Notification for Linux kernel vulnerabilities (USN-5000-1)"},{"cve":"CVE-2021-23133","qid":"198419","title":"Ubuntu Security Notification for Linux kernel (OEM) vulnerabilities (USN-5001-1)"},{"cve":"CVE-2021-23133","qid":"198421","title":"Ubuntu Security Notification for Linux kernel vulnerabilities (USN-5003-1)"},{"cve":"CVE-2021-23133","qid":"198425","title":"Ubuntu Security Notification for Linux kernel (KVM) vulnerabilities (USN-5000-2)"},{"cve":"CVE-2021-23133","qid":"198426","title":"Ubuntu Security Notification for Linux kernel (KVM) vulnerabilities (USN-4997-2)"},{"cve":"CVE-2021-23133","qid":"239816","title":"Red Hat Update for kernel security (RHSA-2021:4356)"},{"cve":"CVE-2021-23133","qid":"239879","title":"Red Hat Update for kernel-rt (RHSA-2021:4140)"},{"cve":"CVE-2021-23133","qid":"281274","title":"Fedora Security Update for kernel (FEDORA-2021-a963f04012)"},{"cve":"CVE-2021-23133","qid":"281275","title":"Fedora Security Update for kernel (FEDORA-2021-e6b4847979)"},{"cve":"CVE-2021-23133","qid":"281276","title":"Fedora Security Update for kernel (FEDORA-2021-8cd093f639)"},{"cve":"CVE-2021-23133","qid":"352366","title":"Amazon Linux Security Advisory for kernel: ALAS-2021-1503"},{"cve":"CVE-2021-23133","qid":"352375","title":"Amazon Linux Security Advisory for kernel: ALAS2-2021-1636"},{"cve":"CVE-2021-23133","qid":"353148","title":"Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.4-2022-003"},{"cve":"CVE-2021-23133","qid":"353159","title":"Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.10-2022-001"},{"cve":"CVE-2021-23133","qid":"376371","title":"F5 BIG-IP Application Security Manager (ASM), Local Traffic Manager (LTM), Access Policy Manager (APM) Linux kernel Vulnerability (K67416037)"},{"cve":"CVE-2021-23133","qid":"6140265","title":"AWS Bottlerocket Security Update for kernel (GHSA-x849-g985-wxr9)"},{"cve":"CVE-2021-23133","qid":"670416","title":"EulerOS Security Update for kernel (EulerOS-SA-2021-1983)"},{"cve":"CVE-2021-23133","qid":"670438","title":"EulerOS Security Update for kernel (EulerOS-SA-2021-2062)"},{"cve":"CVE-2021-23133","qid":"670449","title":"EulerOS Security Update for kernel (EulerOS-SA-2021-2051)"},{"cve":"CVE-2021-23133","qid":"750117","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:1891-1)"},{"cve":"CVE-2021-23133","qid":"750125","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:1887-1)"},{"cve":"CVE-2021-23133","qid":"750139","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:1913-1)"},{"cve":"CVE-2021-23133","qid":"750140","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:1912-1)"},{"cve":"CVE-2021-23133","qid":"750864","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:2421-1)"},{"cve":"CVE-2021-23133","qid":"900096","title":"CBL-Mariner Linux Security Update for kernel 5.10.52.1"},{"cve":"CVE-2021-23133","qid":"900304","title":"CBL-Mariner Linux Security Update for kernel 5.10.57.1"},{"cve":"CVE-2021-23133","qid":"900319","title":"CBL-Mariner Linux Security Update for kernel 5.10.60.1"},{"cve":"CVE-2021-23133","qid":"901089","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (6530-1)"},{"cve":"CVE-2021-23133","qid":"902857","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (4156)"},{"cve":"CVE-2021-23133","qid":"905762","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (4156-1)"},{"cve":"CVE-2021-23133","qid":"940265","title":"AlmaLinux Security Update for kernel (ALSA-2021:4356)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"psirt@paloaltonetworks.com","DATE_PUBLIC":"2021-04-13T10:25:00.000Z","ID":"CVE-2021-23133","STATE":"PUBLIC","TITLE":"Linux Kernel sctp_destroy_sock race condition"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Linux Kernel","version":{"version_data":[{"version_affected":"<","version_value":"5.12-rc8"}]}}]},"vendor_name":"Linux Kernel"}]}},"credit":[{"lang":"eng","value":"Or Cohen from Palo Alto Networks"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":6.7,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)"}]}]},"references":{"reference_data":[{"refsource":"MISC","url":"https://www.openwall.com/lists/oss-security/2021/04/18/2","name":"https://www.openwall.com/lists/oss-security/2021/04/18/2"},{"refsource":"MISC","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b166a20b07382b8bc1dcee2a448715c9c2c81b5b","name":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b166a20b07382b8bc1dcee2a448715c9c2c81b5b"},{"refsource":"FEDORA","name":"FEDORA-2021-8cd093f639","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PAEQ3H6HKNO6KUCGRZVYSFSAGEUX23JL/"},{"refsource":"FEDORA","name":"FEDORA-2021-e6b4847979","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CUX2CA63453G34C6KYVBLJXJXEARZI2X/"},{"refsource":"FEDORA","name":"FEDORA-2021-a963f04012","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XZASHZVCOFJ4VU2I3BN5W5EPHWJQ7QWX/"},{"refsource":"MLIST","name":"[oss-security] 20210510 Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets","url":"http://www.openwall.com/lists/oss-security/2021/05/10/1"},{"refsource":"MLIST","name":"[oss-security] 20210510 Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets","url":"http://www.openwall.com/lists/oss-security/2021/05/10/2"},{"refsource":"MLIST","name":"[oss-security] 20210510 Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets","url":"http://www.openwall.com/lists/oss-security/2021/05/10/4"},{"refsource":"MLIST","name":"[oss-security] 20210510 Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets","url":"http://www.openwall.com/lists/oss-security/2021/05/10/3"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20210611-0008/","url":"https://security.netapp.com/advisory/ntap-20210611-0008/"},{"refsource":"MLIST","name":"[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update","url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"},{"refsource":"MLIST","name":"[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update","url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"}]},"solution":[{"lang":"eng","value":"This issue is fixed in Linux kernel 5.12-rc8."}],"source":{"discovery":"EXTERNAL"}},"nvd":{"publishedDate":"2021-04-22 18:15:00","lastModifiedDate":"2023-11-07 03:30:00","problem_types":["CWE-362"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7,"baseSeverity":"HIGH"},"exploitabilityScore":1,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:C/I:C/A:C","accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":6.9},"severity":"MEDIUM","exploitabilityScore":3.4,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.11.16","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"5.10.32","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"5.4.114","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"4.19.189","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10","versionEndExcluding":"4.14.232","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:broadcom:brocade_fabric_operating_system:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"23133","Ordinal":"197879","Title":"CVE-2021-23133","CVE":"CVE-2021-23133","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"23133","Ordinal":"1","NoteData":"A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"23133","Ordinal":"2","NoteData":"2021-04-22","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"23133","Ordinal":"3","NoteData":"2021-06-22","Type":"Other","Title":"Modified"}]}}}