
CVE-2021-23133
Linux Kernel vulnerability analysis and mitigation

Overview

A race condition vulnerability (CVE-2021-23133) was discovered in Linux kernel SCTP sockets (net/sctp/socket.c) before version 5.12-rc8. The vulnerability was discovered by Or Cohen of Palo Alto Networks and publicly disclosed on April 18, 2021. The issue affects the SCTP socket implementation in the Linux kernel, specifically when sctp_destroy_sock is called without proper locking mechanisms (Openwall).

Technical details

The per-network-namespace list auto_asconf_splist is protected by sock_net(sk)->sctp.addr_wq_lock. Before the fix, sctp_init_sock put every new SCTP socket on that list (when the default_auto_asconf sysctl is enabled) and sctp_destroy_sock took it off again, relying on the caller to hold the lock. sctp_close does hold it, but two error paths release the socket through sk_common_release without it: 1) in sctp_accept, when sctp_sock_migrate fails, and 2) in inet_create or inet6_create, when a BPF program attached to BPF_CGROUP_INET_SOCK_CREATE denies creation of the SCTP socket. On those paths the list_del on auto_asconf_splist runs with no lock held, racing with other users of the list (the address work-queue timeout handler walks it under the lock) and leaving a dangling entry, i.e. a use-after-free. An initial fix that tried to take the lock inside sctp_destroy_sock itself was reverted; the final fix, commit 34e5b01186858b36c4d7c87e1a025071e8e2401f, instead moves the auto_asconf initialisation out of sctp_init_sock and into the first address bind, so a socket that never bound is never on the list and the error paths have nothing to remove (OSS Security).
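To make the locking defect concrete, here is an added user-space model written for this page; it is not the kernel's net/sctp/socket.c and not code from the advisory. A doubly linked list stands in for auto_asconf_splist, a flag stands in for addr_wq_lock, and a counter records every list_del() done without the flag, the way a lockdep-style assertion would report it. denied_creation_path(0) replays error path 2 on the pre-fix layout, where sctp_init_sock has already listed the socket; denied_creation_path(1) and fixed_bind_close() replay the post-commit layout, where membership starts at the first bind. The names init_sock, bind_addr and unlocked_list_dels, the fixed parameter, and the assumption that the default_auto_asconf sysctl is on are the model's own.

```c
/* User-space model of the CVE-2021-23133 locking bug and of the fix pattern
 * (hypothetical code, not the kernel's net/sctp/socket.c). The spinlock is a
 * flag; a list_del() performed without it is counted as a violation. */
#include <stdio.h>
#include <string.h>

struct list_head { struct list_head *next, *prev; };
static void INIT_LIST_HEAD(struct list_head *h) { h->next = h->prev = h; }
static void list_add_tail(struct list_head *n, struct list_head *h)
{ n->prev = h->prev; n->next = h; h->prev->next = n; h->prev = n; }
static void list_del(struct list_head *n)
{ n->prev->next = n->next; n->next->prev = n->prev; n->next = n->prev = NULL; }
static int list_len(const struct list_head *h)
{ int n = 0; for (const struct list_head *p = h->next; p != h; p = p->next) n++; return n; }

/* Per-netns SCTP state: the list and the lock that must guard it. */
struct net_sctp {
    struct list_head auto_asconf_splist;
    int addr_wq_lock_held;    /* 1 while the modelled addr_wq_lock is held */
    int default_auto_asconf;  /* sysctl net.sctp.default_auto_asconf, assumed on */
    int unlocked_list_dels;   /* violations: list_del without addr_wq_lock */
};
struct sctp_sock { struct list_head auto_asconf_list; int do_auto_asconf; };

static void net_init(struct net_sctp *net)
{
    memset(net, 0, sizeof *net);
    INIT_LIST_HEAD(&net->auto_asconf_splist);
    net->default_auto_asconf = 1;
}

/* Puts the socket on auto_asconf_splist under the lock. */
static void sctp_auto_asconf_init(struct net_sctp *net, struct sctp_sock *sp)
{
    if (!net->default_auto_asconf) return;
    net->addr_wq_lock_held = 1;
    list_add_tail(&sp->auto_asconf_list, &net->auto_asconf_splist);
    net->addr_wq_lock_held = 0;
    sp->do_auto_asconf = 1;
}

/* sctp_destroy_sock relies on its caller to hold addr_wq_lock. */
static void sctp_destroy_sock(struct net_sctp *net, struct sctp_sock *sp)
{
    if (!sp->do_auto_asconf) return;
    if (!net->addr_wq_lock_held) net->unlocked_list_dels++;  /* the race window */
    sp->do_auto_asconf = 0;
    list_del(&sp->auto_asconf_list);
}

/* sctp_init_sock: pre-fix it lists the socket immediately; fixed kernels
 * defer that to the first address bind (bind_addr). */
static void init_sock(struct net_sctp *net, struct sctp_sock *sp, int fixed)
{
    memset(sp, 0, sizeof *sp);
    if (!fixed) sctp_auto_asconf_init(net, sp);
}
static void bind_addr(struct net_sctp *net, struct sctp_sock *sp)
{
    if (!sp->do_auto_asconf) sctp_auto_asconf_init(net, sp);
}

/* Error path 2 from the advisory: socket creation denied after init_sock
 * (e.g. by a BPF_CGROUP_INET_SOCK_CREATE program), so sk_common_release()
 * reaches sctp_destroy_sock with no lock held. Returns the number of
 * unlocked list_del()s: 1 on the pre-fix layout, 0 on the fixed one. */
int denied_creation_path(int fixed)
{
    struct net_sctp net; struct sctp_sock sp;
    net_init(&net);
    init_sock(&net, &sp, fixed);
    sctp_destroy_sock(&net, &sp);   /* no lock: the sk_common_release path */
    return net.unlocked_list_dels;
}

/* Fixed bind+close: the socket is listed only between bind and close, and
 * sctp_close holds addr_wq_lock around the removal. Returns -1 if the list
 * is not in the expected state, else the unlocked list_del() count (0). */
int fixed_bind_close(void)
{
    struct net_sctp net; struct sctp_sock sp;
    net_init(&net);
    init_sock(&net, &sp, 1);
    bind_addr(&net, &sp);
    if (list_len(&net.auto_asconf_splist) != 1) return -1;
    net.addr_wq_lock_held = 1;      /* sctp_close: lock before the release */
    sctp_destroy_sock(&net, &sp);
    net.addr_wq_lock_held = 0;
    if (list_len(&net.auto_asconf_splist) != 0) return -1;
    return net.unlocked_list_dels;
}

int main(void)
{
    printf("pre-fix denied-creation path: %d unlocked list_del\n", denied_creation_path(0));
    printf("fixed denied-creation path:   %d unlocked list_del\n", denied_creation_path(1));
    printf("fixed bind+close:             %d unlocked list_del\n", fixed_bind_close());
    return 0;
}
```

The point the model makes is that the fix does not add a lock to the error paths; it removes the list operation from them. A socket that is created and immediately torn down never touched auto_asconf_splist, so there is no shared state for the unlocked teardown to corrupt, while the normal bind/close lifecycle keeps the list operations under addr_wq_lock as before.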

Impact

When successfully exploited, the unlocked list removal leaves a dangling entry in auto_asconf_splist that the kernel can later dereference (a use-after-free). At minimum this is a denial of service (system crash); it can also cause kernel memory corruption and potentially arbitrary code execution in the kernel, i.e. privilege escalation, from the context of a network service or an unprivileged local process that can create SCTP sockets (Ubuntu Security). The vulnerable paths are error paths: reaching them requires sctp_sock_migrate to fail during accept, or a cgroup BPF program that denies SCTP socket creation, so an attacker needs a host on which one of those conditions can be brought about.

Mitigation and workarounds

The vulnerability was patched upstream in Linux kernel 5.12-rc8 and backported to the stable series. Multiple distributions have released updates, including Ubuntu (5.11.0-22.23 for 21.04, 5.8.0-59.66 for 20.10, and others), Fedora (5.11.16 for Fedora 32, 33, and 34), and Debian (4.9.272-1 for Debian 9 stretch) (Ubuntu Security, Debian Security). Because distributions backport the fix without changing the kernel's major version, compare the installed kernel package against the distribution advisory rather than against 5.12 alone; the output of uname -r is not a reliable indicator on its own. Where SCTP is not needed, preventing the sctp module from being loaded (it is normally auto-loaded on the first SCTP socket creation) removes the affected code path entirely and is a reasonable interim measure until the kernel is updated.

This report was generated using AI.

Related Linux Kernel vulnerabilities:

CVE ID          Severity  Score  Technologies  Component name                     CISA KEV exploit  Has fix  Published date
CVE-2026-23395  CRITICAL  9.1    Linux Kernel  kernel-rt-64k-debug-devel-matched  No                Yes      Mar 25, 2026
CVE-2026-23399  MEDIUM    6.5    Linux Kernel  kernel-rt-64k-debug-devel-matched  No                Yes      Mar 28, 2026
CVE-2026-23398  MEDIUM    6.5    Linux Kernel  kernel-abi-stablelists             No                Yes      Mar 26, 2026
CVE-2026-23397  MEDIUM    4.4    Linux Kernel  kernel-devel                       No                Yes      Mar 26, 2026
CVE-2026-31788  N/A       N/A    Linux Kernel  kernel-rt-trace-kvm                No                Yes      Mar 25, 2026
