PT-2024-11103 · Linux · Linux Kernel

Alexander Sverdlin +1 · Published 2021-04-30 · Updated 2025-01-08 · CVE-2021-46999

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The issue is a transport use-after-free in the Linux kernel's SCTP implementation. When a duplicate COOKIE-ECHO chunk is processed in sctp_sf_do_dupcook_a(), both the COOKIE-ACK and SHUTDOWN chunks are allocated with the transport from the new association. Later, in the side-effect machine, the old association is used to send them out, and in sctp_cmd_setup_t2() the old association's shutdown_last_sent_to is set to the transport that the SHUTDOWN chunk is attached to, which actually belongs to the new association. After the new association is freed and the old association's T2 timer expires, the old association's shutdown_last_sent_to, which now points to the already freed transport, is accessed in sctp_sf_t2_timer_expire(). This results in a panic. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
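The ownership mistake in the description can be traced with a small user-space model. This is an added illustration, not kernel code: the structs, fields other than shutdown_last_sent_to, and all function names are simplified assumptions, and "freed" is a flag so that nothing is actually dereferenced after release.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model (assumption): only the relationships the description names. */
struct asoc;
struct transport { struct asoc *owner; bool freed; };
struct asoc { struct transport peer; struct transport *shutdown_last_sent_to; };
struct chunk { struct transport *transport; };

/* Models sctp_cmd_setup_t2(): the sending association remembers the
 * transport the SHUTDOWN chunk is attached to. */
void setup_t2(struct asoc *sender, const struct chunk *shutdown) {
    sender->shutdown_last_sent_to = shutdown->transport;
}

/* Models freeing an association: its transport is released with it. */
void asoc_free(struct asoc *a) { a->peer.freed = true; }

/* Invariant a reviewer would want: the T2 target belongs to this association. */
bool t2_target_is_own(const struct asoc *a) {
    return a->shutdown_last_sent_to && a->shutdown_last_sent_to->owner == a;
}

/* Models T2 expiry: true means the timer handler would touch freed memory. */
bool t2_expiry_hits_freed(const struct asoc *a) {
    return a->shutdown_last_sent_to && a->shutdown_last_sent_to->freed;
}

/* Duplicate COOKIE-ECHO scenario. chunk_from_new selects whose transport the
 * SHUTDOWN chunk carries; *owned (optional) reports the ownership invariant. */
bool dupcook_scenario(bool chunk_from_new, bool *owned) {
    struct asoc old_asoc = {0}, new_asoc = {0};
    old_asoc.peer.owner = &old_asoc;
    new_asoc.peer.owner = &new_asoc;
    struct chunk shutdown = { chunk_from_new ? &new_asoc.peer : &old_asoc.peer };
    setup_t2(&old_asoc, &shutdown);   /* old association sends the chunk */
    if (owned) *owned = t2_target_is_own(&old_asoc);
    asoc_free(&new_asoc);             /* new association goes away first */
    return t2_expiry_hits_freed(&old_asoc);
}

int main(void) {
    printf("chunk on new asoc's transport: stale=%d\n", dupcook_scenario(true, NULL));
    printf("chunk on old asoc's transport: stale=%d\n", dupcook_scenario(false, NULL));
    return 0;
}
```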

Use After Free

Weakness Enumeration

Related Identifiers

BDU:2025-05308
CVE-2021-46999

Affected Products

Linux Kernel