Recently, Linux officially issued
a risk notice for remote code execution of Linux Kernel TIPC, the vulnerability number is CVE-2021-43267, the vulnerability
level is serious.
TIPC (Transparent Inter Process Communication) is a protocol designed for communication within a cluster. It can be configured to transmit messages via UDP or directly via Ethernet. Message delivery is sequence guaranteed, no loss, and flow control.
A vulnerability was found in net/tipc/crypto.c in the Linux kernel before 5.14.16. The transparent inter-process communication (TIPC) feature allows remote attackers to take advantage of the insufficient verification of the MSG_CRYPTO message type provided by the user. This vulnerability is a heap overflow vulnerability. Attackers can remotely or locally use this vulnerability to execute arbitrary code, gain kernel permissions, and attack the entire system.
- Linux kernel 5.10-rc1 5.14.15
In this regard, we recommend that users upgrade the Linux Kernel to the latest version in time.