CVE-2021-23133

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.12-rc8

Description A race condition in the Linux kernel's SCTP sockets can lead to kernel privilege escalation. This issue arises when sctp destroy sock is called without proper locking, allowing an element to be removed from the auto asconf splist list. An attacker with network service privileges can exploit this to escalate to root, or an unprivileged user can exploit it directly if a BPF CGROUP INET SOCK CREATE is attached, which denies the creation of some SCTP sockets.

Recommendations For Linux kernel versions prior to 5.12-rc8, update to version 5.12-rc8 or later to resolve the issue. As a temporary workaround, consider restricting the use of SCTP sockets or disabling the sctp destroy sock function until a patch is available. Additionally, avoid using BPF CGROUP INET SOCK CREATE to deny the creation of SCTP sockets until the issue is resolved.