Security researchers are warning of a newly discovered security hole in a kernel module that comes with all major Linux distributions. They say remote attackers can exploit the bug to take full control of a vulnerable system.
The vulnerability, referred to as CVE-2021-43267, is described as a heap overflow (buffer overflow that occurs in the data area of the heap) in the TIPC (Transparent Inter-Process Communication,) module. module (transparent internal communication process) that comes with the Linux kernel to allow nodes in a cluster to communicate with each other in a fault-tolerant manner.
“The vulnerability can be exploited locally or remotely within a network to gain kernel privileges, allowing an attacker to compromise the entire system,” according to Max Van Amerongen of cybersecurity startup SentinelOne, a security researcher who found — and helped fix — the vulnerability.
Van Amerongen revealed to SecurityWeek that he discovered the bug almost by accident using Microsoft’s CodeQL, an open source semantic code analysis engine that helps uncover security defects at scale. He said the flaw was introduced into the Linux kernel in September 2020, when a new user message type called MSG_CRYPTO was added to allow peers to send cryptographic keys. Looking at the code, Van Amerongen found a “well-defined kernel heap buffer overflow” with remote exploit implications.
Although the vulnerable TIPC module comes with all major Linux distributions, it needs to be loaded to enable the protocol and trigger the vulnerability. The Linux Foundation released a patch on October 29 and confirmed that the vulnerability affects kernel versions 5.10 to 5.15. SentinelOne said on Thursday, 4, that it has recorded no evidence of exploitation of the vulnerability.
Source: CisoAdvisor
