Security News > 2021 > November > Critical RCE Vulnerability Reported in Linux Kernel's TIPC Module
Cybersecurity researchers have disclosed a security flaw in the Linux Kernel's Transparent Inter Process Communication module that could potentially be leveraged both locally as well as remotely to execute arbitrary code within the kernel and take control of vulnerable machines.
Tracked as CVE-2021-43267, the heap overflow vulnerability "Can be exploited locally or remotely within a network to gain kernel privileges, and would allow an attacker to compromise the entire system," cybersecurity firm SentinelOne said in a report published today and shared with The Hacker News.
TIPC is a transport layer protocol designed for nodes running in dynamic cluster environments to reliably communicate with each other in a manner that's more efficient and fault-tolerant than other protocols such as TCP. The vulnerability identified by SentinelOne has to do with insufficient validation of user-supplied sizes for a new message type called "MSG CRYPTO" that was introduced in September 2020 and enables peer nodes in the cluster to send cryptographic keys.
While the protocol has checks in place to validate such messages after decryption to ensure that a packet's actual payload size doesn't exceed that of the maximum user message size and that the latter is greater than the message header size, no restrictions were found to be placed on the length of the key itself, resulting in a scenario where "An attacker can create a packet with a small body size to allocate heap memory, and then use an arbitrary size in the 'keylen' attribute to write outside the bounds of this location."
There is no evidence that the flaw has been abused in real-world attacks to date, and following responsible disclosure on October 19, the issue has been addressed in Linux Kernel version 5.15 released on October 31, 2021.
"The function tipc crypto key rcv is used to parse MSG CRYPTO messages to receive keys from other nodes in the cluster in order to decrypt any further messages from them," Linux kernel maintainers said in a fix pushed late last month.
News URL
https://thehackernews.com/2021/11/critical-rce-vulnerability-reported-in.html
Related news
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist (source)
- Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication (source)
- 'Key kernel maintainers' still back Rust in the Linux kernel, despite the doubters (source)
- Linux royalty backs adoption of Rust for kernel code, says its rise is inevitable (source)
- MITRE Caldera RCE vulnerability with public PoC fixed, patch ASAP! (CVE-2025–27364) (source)
- Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution (source)
- Strap in, get ready for more Rust drivers in Linux kernel (source)
- Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-02 | CVE-2021-43267 | Improper Validation of Specified Quantity in Input vulnerability in multiple products An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. | 9.8 |