CVE-2021-43267 is a newly disclosed security vulnerability in the Linux kernel’s Transparent Inter-Process Communication (TIPC) subsystem. The flaw can be exploited both locally and remotely and allows arbitrary code execution within the kernel; in effect, an attacker who exploits it can take over a vulnerable device. CVE-2021-43267 carries a CVSS score of 9.8, which makes it highly severe and dangerous.
CVE-2021-43267 Short Technical Overview
According to the official advisory, “an issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type.”
Fortunately, a patch was already released on the 29th of October, as noted by SentinelOne researcher Max Van Amerongen, who published an in-depth analysis of the flaw.
More about the TIPC protocol
In short, TIPC is a transport layer protocol that lets nodes running in a dynamic cluster environment communicate with each other reliably. For this purpose the protocol is designed to be more efficient than TCP. The CVE-2021-43267 vulnerability stems from insufficient validation of user-supplied sizes for MSG_CRYPTO, a new message type.
MSG_CRYPTO was introduced in September 2020 to let peer nodes in the cluster exchange cryptographic keys. Because the key length is not restricted, a threat actor can craft a packet whose small body size drives a correspondingly small heap allocation and then supply an arbitrary value in the ‘keylen’ attribute, causing a write beyond the bounds of that allocation, as described in the researcher’s analysis.
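The size mismatch described above is easiest to see in code. The following is an added illustration in user-space C, not the kernel’s own net/tipc/crypto.c and not code from the researcher’s report: it models a MSG_CRYPTO-style body (an algorithm-name field, a big-endian ‘keylen’ field, then the key bytes) and shows the validation a receiver needs before copying. The field layout, the 32-byte name width and the key-length bounds KEYLEN_MIN and KEYLEN_MAX are assumptions chosen for the demo. The decisive check is the one the page says was missing: the attacker-controlled ‘keylen’ must agree with the body size that sized the allocation, otherwise the memcpy writes past the end of the buffer.

```c
#include <arpa/inet.h>   /* htonl / ntohl */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed layout for this illustration (not the kernel's definitions):
 * [alg_name: ALG_NAME_LEN bytes][keylen: 4 bytes, big-endian][key: keylen bytes] */
#define ALG_NAME_LEN 32
#define HDR_LEN      (ALG_NAME_LEN + 4)
#define KEYLEN_MIN   16   /* assumed lower bound on a usable key */
#define KEYLEN_MAX   64   /* assumed upper bound on a valid key */

struct aead_key {
    uint32_t keylen;
    char alg_name[ALG_NAME_LEN];
    uint8_t key[];        /* flexible array sized from the validated length */
};

/* Receive-side parser. data/size are the message body and the body size the
 * header advertises, i.e. the value the allocation is based on. Returns a
 * heap-allocated key on success or NULL when the declared sizes disagree. */
struct aead_key *key_rcv_checked(const uint8_t *data, size_t size)
{
    uint32_t keylen;

    /* 1. The body must at least hold the name, the length field and a minimal key. */
    if (size < HDR_LEN + KEYLEN_MIN)
        return NULL;

    memcpy(&keylen, data + ALG_NAME_LEN, sizeof keylen);
    keylen = ntohl(keylen);

    /* 2. keylen is attacker-controlled: bound it and require it to match the
     *    size that will actually be allocated. Without this check a small
     *    body with a huge keylen leads to a heap overflow in the memcpy below. */
    if (keylen < KEYLEN_MIN || keylen > KEYLEN_MAX || size != HDR_LEN + keylen)
        return NULL;

    struct aead_key *k = malloc(sizeof *k + keylen);
    if (!k)
        return NULL;
    memcpy(k->alg_name, data, ALG_NAME_LEN);
    k->alg_name[ALG_NAME_LEN - 1] = '\0';     /* force NUL termination */
    k->keylen = keylen;
    memcpy(k->key, data + HDR_LEN, keylen);   /* cannot exceed the allocation now */
    return k;
}

/* Constructs a test body in buf: a fixed algorithm name, a keylen field set to
 * declared_keylen, and key_bytes bytes of constructed key material. Returns
 * the body size (what the header would advertise), or 0 if buf is too small. */
static size_t build_body(uint8_t *buf, size_t cap, uint32_t declared_keylen,
                         size_t key_bytes)
{
    if (HDR_LEN + key_bytes > cap)
        return 0;
    memset(buf, 0, cap);
    memcpy(buf, "gcm(aes)", 9);                 /* constructed algorithm name */
    uint32_t be = htonl(declared_keylen);
    memcpy(buf + ALG_NAME_LEN, &be, sizeof be);
    memset(buf + HDR_LEN, 0xAB, key_bytes);     /* constructed key bytes */
    return HDR_LEN + key_bytes;
}

/* Returns 1 if a body with the given field values passes validation, 0 otherwise. */
int check_message(uint32_t declared_keylen, size_t key_bytes)
{
    uint8_t buf[256];
    size_t size = build_body(buf, sizeof buf, declared_keylen, key_bytes);
    if (size == 0)
        return 0;
    struct aead_key *k = key_rcv_checked(buf, size);
    if (!k)
        return 0;
    free(k);
    return 1;
}

int main(void)
{
    printf("keylen 16 with 16 key bytes:   %s\n", check_message(16, 16) ? "accepted" : "rejected");
    printf("keylen 1024 with 4 key bytes:  %s\n", check_message(1024, 4) ? "accepted" : "rejected");
    printf("keylen 32 with 8 key bytes:    %s\n", check_message(32, 8) ? "accepted" : "rejected");
    return 0;
}
```

The second case is the shape of message the page describes: a body small enough to obtain a small allocation, paired with a ‘keylen’ far larger than the body. With the consistency check in place it is rejected before any copy happens; the third case shows that even a keylen within the allowed range is rejected when it does not match the advertised body size.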
“This vulnerability can be exploited both locally and remotely. While local exploitation is easier due to greater control over the objects allocated in the kernel heap, remote exploitation can be achieved thanks to the structures that TIPC supports,” the report added.
“As this vulnerability was discovered within a year of its introduction into the codebase, TIPC users should ensure that their Linux kernel version is not between 5.10-rc1 and 5.15,” the researcher said in conclusion.