[SRU Bionic, Groovy, Focal/linux-oem-5.6, Focal/linux-oem-5.10 0/2] CVE-2021-23133

Thadeu Lima de Souza Cascardo cascardo at canonical.com
Wed May 26 15:11:26 UTC 2021


[Impact]
When an SCTP socket fails to be created because of an attached BPF program, a
race might cause a list to be corrupt.

[Fix]
A first fix was submitted and accepted but found to cause potential lockups.
In kernels where this fix has been applied, it was reverted and the second
fix was applied. In other kernels, only the second fix was applied.

[Test]
A reproducer for the list corruption was tested with slub_debug=FZP,SCTP,
because that was the only condition where the corruption could be noticed.
Also, the syzbot reproducer for the lockup was run, though there was no
indication of a lockup on an unpatched kernel.

[Potential regressions]
SCTP asconf might fail to work properly, or lockups might happen when creating
or destroying SCTP sockets.

Xin Long (1):
  Revert "net/sctp: fix race condition in sctp_destroy_sock"
  sctp: delay auto_asconf init until binding the first addr

 net/sctp/socket.c | 31 +++++++++++++++++--------------
 1 file changed, 17 insertions(+), 14 deletions(-)

-- 
2.30.2



