CVE-2021-43267: Linux Kernel TIPC Remote Code Execution Vulnerability Alert

Recently, Linux officially issued a risk notice for remote code execution of Linux Kernel TIPC, the vulnerability number is CVE-2021-43267, the vulnerability level is serious.

TIPC (Transparent Inter Process Communication) is a protocol designed for communication within a cluster. It can be configured to transmit messages via UDP or directly via Ethernet. Message delivery is sequence guaranteed, no loss, and flow control.

A vulnerability was found in net/tipc/crypto.c in the Linux kernel before 5.14.16. The transparent inter-process communication (TIPC) feature allows remote attackers to take advantage of the insufficient verification of the MSG_CRYPTO message type provided by the user. This vulnerability is a heap overflow vulnerability. Attackers can remotely or locally use this vulnerability to execute arbitrary code, gain kernel permissions, and attack the entire system.