author | Ben Hutchings <ben@decadent.org.uk> | 2021-06-22 00:18:55 +0200 |
---|---|---|
committer | Ben Hutchings <ben@decadent.org.uk> | 2021-06-22 00:18:55 +0200 |
commit | c5514b94af9266aad627312df336b975eedd67f8 (patch) | |
tree | a08140070dd99e823d3fe800431162ed2de02841 /retired/CVE-2021-23133 | |
parent | 82acbf4e2b302b3077bc09cc21d465afe762d540 (diff) |
Retire inactive issues
Diffstat (limited to 'retired/CVE-2021-23133')
-rw-r--r-- | retired/CVE-2021-23133 | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/retired/CVE-2021-23133 b/retired/CVE-2021-23133 new file mode 100644 index 00000000..2bf3fc43 --- /dev/null +++ b/retired/CVE-2021-23133 @@ -0,0 +1,23 @@ +Description: net/sctp: fix race condition in sctp_destroy_sock +References: + https://www.openwall.com/lists/oss-security/2021/04/18/2 +Notes: + carnil> Commit fixes 610236587600 ("bpf: Add new cgroup attach type to + carnil> enable sock modifications") in 4.10-rc1. Original fix + carnil> b166a20b0738 ("net/sctp: fix race condition in + carnil> sctp_destroy_sock") was reverted, as it caused a dead-lock, cf. + carnil> 01bfe5e8e428 ("Revert "net/sctp: fix race condition in + carnil> sctp_destroy_sock"") and then fixed with 34e5b0118685 ("sctp: + carnil> delay auto_asconf init until binding the first addr"). + carnil> Unclear yet if this is as well a problem for the 5.10.32, + carnil> 4.19.189 and 4.9.268 releases. + carnil> The fix needs to be redone as well for all stable series which + carnil> got the original patch applied. +Bugs: +upstream: released (5.13-rc1) [34e5b01186858b36c4d7c87e1a025071e8e2401f] +5.10-upstream-stable: released (5.10.37) [42f1b8653f85924743ea5b57b051a4e1f05b5e43] +4.19-upstream-stable: released (4.19.191) [59339c866e0428fb92bfb3f5290c49a5325d2494] +4.9-upstream-stable: released (4.9.269) [89e55e90c09c6e712c7254467c077802dfd99eaa] +sid: released (5.10.38-1) +4.19-buster-security: released (4.19.194-1) +4.9-stretch-security: released (4.9.272-1) |
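Review bot: The carnil> notes in the new retired/CVE-2021-23133 still end on open items ("Unclear yet if this is as well a problem for the 5.10.32, 4.19.189 and 4.9.268 releases" and "The fix needs to be redone as well for all stable series which got the original patch applied"), while the status lines directly below record releases in 5.10.37, 4.19.191 and 4.9.269. Since the file is being retired, consider a closing note saying whether those releases settled the question, so the record does not read as unresolved. The Description also keeps the title of the reverted commit b166a20b0738, whereas the upstream line points at 34e5b0118685 ("sctp: delay auto_asconf init until binding the first addr"); the notes explain the sequence, but a reader who looks only at Description and the upstream line sees a mismatch. The "Bugs:" field is left empty.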