CVE-2021-43267: Linux Kernel TIPC Remote Code Execution Vulnerability Alert

Recently, Linux officially issued a risk notice for a remote code execution vulnerability in Linux Kernel TIPC. The vulnerability number is CVE-2021-43267, and the vulnerability level is serious.
TIPC (Transparent Inter Process Communication) is a protocol designed for communication within a cluster. It can be configured to transmit messages via UDP or directly via Ethernet. Message delivery is sequence-guaranteed, loss-free, and flow-controlled.

Vulnerability Detail

A vulnerability was found in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter Process Communication (TIPC) feature allows remote attackers to exploit insufficient verification of the user-supplied MSG_CRYPTO message type. The flaw is a heap overflow. Attackers can use it remotely or locally to execute arbitrary code, gain kernel permissions, and compromise the entire system.

Affected version

  • Linux kernel 5.10-rc1 to 5.14.15

Unaffected version

  • Linux kernel 5.14.16

Solution

We recommend that users upgrade the Linux Kernel to the latest version promptly.
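To decide which hosts need the upgrade first, the following added example (not part of the original advisory) checks a kernel release string against the affected range listed above and reports whether the `tipc` module is currently loaded. The function names are hypothetical. It assumes `uname -r` style release strings and the `/proc/modules` format; distribution kernels may carry a backported fix, so an in-range result should be confirmed against the vendor's advisory.

```shell
#!/bin/sh
# Added example: triage a host for CVE-2021-43267 using the version range
# from this advisory (5.10-rc1 through 5.14.15). Function names are hypothetical.

# kver_in_range RELEASE -> exit status 0 if RELEASE falls in the affected range.
kver_in_range() {
    base=${1%%-*}                 # "5.13.0-21-generic" -> "5.13.0"
    old_ifs=$IFS; IFS=.
    set -- $base                  # split on dots into $1 $2 $3
    IFS=$old_ifs
    # Keep only the leading digits of each field ("0+" -> "0").
    major=${1%%[!0-9]*}; minor=${2%%[!0-9]*}; patch=${3%%[!0-9]*}
    n=$(( ${major:-0} * 1000000 + ${minor:-0} * 1000 + ${patch:-0} ))
    # 5.10-rc1 is treated as 5.10.0, the lower bound of the range.
    [ "$n" -ge 5010000 ] && [ "$n" -le 5014015 ]
}

# cve_status RELEASE [MODULES_FILE] -> prints one of three states.
# MODULES_FILE defaults to /proc/modules; a loaded module appears as a
# line starting with "tipc ".
cve_status() {
    if ! kver_in_range "$1"; then
        echo "not-in-range"
    elif grep -q '^tipc ' "${2:-/proc/modules}" 2>/dev/null; then
        echo "in-range-tipc-loaded"
    else
        # Not loaded now does not mean it cannot be loaded later.
        echo "in-range-tipc-not-loaded"
    fi
}

# Report the state of the current host.
cve_status "$(uname -r)" /proc/modules
```

Hosts reporting `in-range-tipc-loaded` are the ones to upgrade first; the other in-range hosts still need the kernel update.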
