CVE-2021-43267: Linux Kernel TIPC Remote Code Execution Vulnerability Alert

Recently, Linux officially issued a risk notice for remote code execution of Linux Kernel TIPC, the vulnerability number is CVE-2021-43267, the vulnerability level is serious.
TIPC (Transparent Inter Process Communication) is a protocol designed for communication within a cluster. It can be configured to transmit messages via UDP or directly via Ethernet. Message delivery is sequence guaranteed, no loss, and flow control.
Linux kernel updates

Vulnerability Detail

A vulnerability was found in net/tipc/crypto.c in the Linux kernel before 5.14.16. The transparent inter-process communication (TIPC) feature allows remote attackers to take advantage of the insufficient verification of the MSG_CRYPTO message type provided by the user. This vulnerability is a heap overflow vulnerability. Attackers can remotely or locally use this vulnerability to execute arbitrary code, gain kernel permissions, and attack the entire system.

Affected version

  • Linux kernel 5.10-rc1  5.14.15

Unaffected version

  • Linux kernel 5.14.16

Solution

In this regard, we recommend that users upgrade the Linux Kernel to the latest version in time.