PT-2021-4933 · Linux+9 · Linux Kernel+9

Published: 2021-10-26 · Updated: 2026-02-28 · CVE-2021-43267

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions 5.10 through 5.15

Description

The issue is related to the Transparent Inter-Process Communication (TIPC) functionality in the Linux kernel, which allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type. This can lead to a heap overflow, allowing an attacker to gain kernel privileges. The vulnerability can be exploited either locally or remotely within a network. The TIPC module needs to be loaded manually for the bug to be triggerable. There is no evidence of this vulnerability being exploited in the wild.

Recommendations

For Linux kernel versions 5.10 through 5.15, update to a version that includes the security fix for this issue. As a temporary workaround, consider disabling the TIPC module to minimize the risk of exploitation. Restrict access to the TIPC functionality to prevent unauthorized use. Avoid using the MSG_CRYPTO message type in the TIPC protocol until the issue is resolved.
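A triage check for the workaround above, added here as an example and not part of the original advisory: it classifies a host by kernel release, whether the `tipc` module is loaded, and whether a modprobe `install` override blocks loading. The function names and status strings are hypothetical. Distribution kernels backport both features and fixes, so an in-range result means "check the vendor advisory", not "confirmed vulnerable".

```shell
#!/bin/sh
# Added example: triage a host for the TIPC issue (CVE-2021-43267).
# Function names and status strings are hypothetical, not from any tool.

# Exit 0 if RELEASE (uname -r format) is in 5.10..5.15, the range the
# advisory gives; exit 1 if it is outside; exit 2 if it cannot be parsed.
in_advisory_range() {
    ver=${1%%-*}                          # drop "-91-generic" style suffix
    case $ver in *.*) ;; *) return 2 ;; esac
    major=${ver%%.*}; rest=${ver#*.}; minor=${rest%%.*}
    case $major in ''|*[!0-9]*) return 2 ;; esac
    case $minor in ''|*[!0-9]*) return 2 ;; esac
    [ "$major" -eq 5 ] && [ "$minor" -ge 10 ] && [ "$minor" -le 15 ]
}

# tipc_exposure RELEASE MODULES_FILE MODPROBE_DIR
# MODULES_FILE uses /proc/modules format; MODPROBE_DIR holds *.conf files.
tipc_exposure() {
    rc=0; in_advisory_range "$1" || rc=$?
    case $rc in
        0) ;;
        1) echo "out-of-range"; return 0 ;;
        *) echo "unknown-version"; return 0 ;;
    esac
    if grep -q '^tipc ' "$2" 2>/dev/null; then
        echo "in-range:loaded"; return 0
    fi
    # An install override stops modprobe (and kernel auto-loading) from
    # inserting tipc; a plain "blacklist" line only affects alias lookups.
    if cat "$3"/*.conf 2>/dev/null |
        grep -Eq '^[[:space:]]*install[[:space:]]+tipc[[:space:]]+/bin/(false|true)'; then
        echo "in-range:blocked"
    else
        echo "in-range:loadable"
    fi
}

# Runs the check on constructed sample data (not taken from a real host).
demo() {
    d=$(mktemp -d) || return 1
    printf 'tipc 327680 0 - Live 0x0000000000000000\n' > "$d/modules"
    printf 'udp_tunnel 20480 1 tipc, Live 0x0000000000000000\n' >> "$d/modules"
    mkdir "$d/modprobe.d"
    tipc_exposure "5.13.0-19-generic" "$d/modules" "$d/modprobe.d"
    rm -rf "$d"
}
# On a live host: tipc_exposure "$(uname -r)" /proc/modules /etc/modprobe.d
```

A result of `in-range:loaded` is the case to patch or unload first; `in-range:loadable` means nothing currently prevents the module from being inserted.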

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

ALSA-2021:4647
ALSA-2021_4647
ALSA-2024_2394
ALSA-2025_16880
ALT-PU-2021-3220
ALT-PU-2021-3230
ALT-PU-2021-3232
ALT-PU-2021-3233
ALT-PU-2021-3268
ALT-PU-2021-3270
ALT-PU-2021-3282
ALT-PU-2021-3309
ALT-PU-2021-3375
ALT-PU-2021-3376
ALT-PU-2021-3380
ALT-PU-2021-3415
ALT-PU-2021-3444
ALT-PU-2021-3451
ALT-PU-2021-3458
ALT-PU-2021-3468
ALT-PU-2021-3469
ALT-PU-2021-3477
ALT-PU-2021-3485
ALT-PU-2021-3563
ALT-PU-2021-3573
ALT-PU-2023-4894
AZL-6603
BDU:2021-05673
CESA-2021_4645
CESA-2021_4646
CESA-2021_4647
CVE-2021-43267
ELSA-2021-4647
MGASA-2021-0507
MGASA-2021-0508
RHSA-2021:4644
RHSA-2021:4645
RHSA-2021:4646
RHSA-2021:4647
RHSA-2021:4648
RHSA-2021:4650
RHSA-2021:4750
RHSA-2021_4646
RHSA-2021_4647
RLSA-2021:4646
RLSA-2021:4647
RLSA-2021_4646
RLSA-2021_4647
USN-5165-1
USN-5207-1
USN-5208-1
USN-5218-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
Linux Kernel
Red Hat
RED OS
Rocky Linux
Ubuntu