7.5
CVSSv2

CVE-2021-43267

Published: 02/11/2021 Updated: 25/11/2021
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

An issue exists in net/tipc/crypto.c in the Linux kernel prior to 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote malicious users to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

Vendor Advisories

An issue was discovered in net/tipc/cryptoc in the Linux kernel before 51416 The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type ...
An issue was discovered in net/tipc/cryptoc in the Linux kernel before 51416 The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type ...

Github Repositories

CVE-2021-43267 Local PoC exploit for CVE-2021-43267 (Linux TIPC) Reference: haxxin/posts/pwning-tipc/

CVE-2021-43267-POC trusty poc Provide it to legitimate people

Recent Articles

Will they try it for 30 days first? McAfee goes private again in $14bn cash deal
The Register • Iain Thomson in San Francisco • 08 Nov 2021

Get our weekly newsletter Plus: Uncle Sam gets tough on patching, NIST needs you, and more

In brief A consortium of private equity types have stumped up $12bn in cash to acquire what's left of McAfee the company plus another couple of billion to pay off its debts.
McAfee has been in and out of the stock market: it last went public in October 2020 with a valuation of $3.6bn. It then spun off its enterprise security business in March for $4bn in another cash deal, and now the consumer side of the business has been snapped up for $14bn total.
“This transaction is a testamen...

Critical Linux Kernel Bug Allows Remote Takeover
Threatpost • Tara Seals • 04 Nov 2021

A critical heap-overflow security vulnerability in the Transparent Inter Process Communication (TIPC) module of the Linux kernel could allow local exploitation and remote code execution, leading to full system compromise.
TIPC is a peer-to-peer protocol used by nodes within a Linux cluster to communicate with each other in an optimized way; it enables various types of messages that are used for different purposes. According to SentinelOne’s SentinelLabs, the bug in question (CVE-2021-432...