The bug (CVE-2021-43267) exists in a TIPC message type that allows Linux nodes to send cryptographic keys to each other.
A critical heap-overflow security vulnerability in the Transparent Inter Process Communication (TIPC) module of the Linux kernel could allow local exploitation and remote code execution, leading to full system compromise.
TIPC is a peer-to-peer protocol used by nodes within a Linux cluster to communicate with each other efficiently; it defines several message types that serve different purposes. According to SentinelOne’s SentinelLabs, the bug in question (CVE-2021-43267) resides specifically in a message type that allows nodes to send cryptographic keys to each other. Once received, those keys can be used to decrypt further communications from the sending node.
TIPC: Popping Open the Kernel
“When loaded by a user, [TIPC] can be used as a socket and can be configured on an interface…as an unprivileged user,” explained SentinelLabs researcher Max Van Amerongen, in a Thursday posting. “All message construction and parsing is performed in the kernel.” This makes it an ideal target for attack, he said.
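As a defender's check for the exposure described in the quote above, here is a small sh audit, added here and not taken from the article or from SentinelLabs, that reports whether the tipc module is currently loaded and whether modprobe is configured to refuse loading it. The functions take file contents as arguments so that constructed samples can stand in for /proc/modules and /etc/modprobe.d; the page does not state which kernel version carries the fix, so the script does not check versions.

```shell
#!/bin/sh
# Added audit helper (not from the article or SentinelLabs): checks whether the
# tipc module is loaded and whether modprobe is configured to refuse loading it.
# Creating an AF_TIPC socket triggers module auto-load, which is why the module
# becomes reachable from an unprivileged process unless loading is blocked.
# Sample inputs below are constructed; on a host you manage, pass the contents
# of /proc/modules and /etc/modprobe.d/*.conf instead.

# tipc_loaded_in MODULES_TEXT -> yes|no  (MODULES_TEXT is /proc/modules content)
tipc_loaded_in() {
    printf '%s\n' "$1" | grep -q '^tipc ' && echo yes || echo no
}

# tipc_blocked_in MODPROBE_TEXT -> yes|no
# Only an "install tipc /bin/false" (or /bin/true) rule is counted as a block:
# a bare "blacklist tipc" line does not stop an explicit load, so it is ignored.
tipc_blocked_in() {
    if printf '%s\n' "$1" |
        grep -Eq '^[[:space:]]*install[[:space:]]+tipc[[:space:]]+/bin/(false|true)([[:space:]]|$)'; then
        echo yes
    else
        echo no
    fi
}

# tipc_risk MODULES_TEXT MODPROBE_TEXT -> exposed|mitigated
# Loaded now means exposed regardless of config (the module must be unloaded);
# not loaded and blocked from auto-load means mitigated.
tipc_risk() {
    [ "$(tipc_loaded_in "$1")" = yes ] && { echo exposed; return 0; }
    [ "$(tipc_blocked_in "$2")" = yes ] && echo mitigated || echo exposed
}

# Constructed samples (addresses and sizes are made up)
SAMPLE_MODULES='tipc 323584 0 - Live 0xffffffffc0a00000
udp_tunnel 16384 1 tipc, Live 0xffffffffc09f0000'
SAMPLE_MODPROBE='# constructed hardening fragment
install tipc /bin/false'
EMPTY_MODPROBE='# nothing about tipc here'

echo "module loaded:      $(tipc_risk "$SAMPLE_MODULES" "$SAMPLE_MODPROBE")"  # exposed
echo "load refused:       $(tipc_risk "" "$SAMPLE_MODPROBE")"                 # mitigated
echo "no configuration:   $(tipc_risk "" "$EMPTY_MODPROBE")"                  # exposed
```

On a live host, `tipc_risk "$(cat /proc/modules)" "$(cat /etc/modprobe.d/*.conf 2>/dev/null)"` gives the current verdict; a result of exposed with the module loaded calls for unloading it as well as adding the install rule.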
As for the heap overflow: When it comes to that message construction, every TIPC message has