Critical Linux Kernel Bug Allows Remote Takeover

The bug (CVE-2021-43267) exists in a TIPC message type that allows Linux nodes to send cryptographic keys to each other.

A critical heap-overflow security vulnerability in the Transparent Inter Process Communication (TIPC) module of the Linux kernel could allow local exploitation and remote code execution, leading to full system compromise.

TIPC is a peer-to-peer protocol used by nodes within a Linux cluster to communicate with each other in an optimized way; it enables various types of messages that are used for different purposes. According to SentinelOne’s SentinelLabs, the bug in question (CVE-2021-43267) specifically resides in a message type that allows nodes to send cryptographic keys to each other. When received, the keys can be used to decrypt further communications from the sending node.

TIPC: Popping Open the Kernel

“When loaded by a user, [TIPC] can be used as a socket and can be configured on an interface…as an unprivileged user,” explained SentinelLabs researcher Max Van Amerongen, in a Thursday posting. “All message construction and parsing is performed in the kernel.” This makes it an ideal target for attack, he said.

As for the heap overflow: When it comes to that message construction, every TIPC message has

Read More: https://threatpost.com/critical-linux-kernel-bug/176000/