Critical Linux Kernel Bug Allows Remote Takeover | LinuxSecurity.com

Advisories

Discover Security Vulnerabilities News

Critical Linux Kernel Bug Allows Remote Takeover

A critical Linux kernel bug (CVE-2021-43267) exists in a TIPC message type that allows Linux nodes to send cryptographic keys to each other, and could allow remote takeover.

A critical heap-overflow security vulnerability in the Transparent Inter Process Communication (TIPC) module of the Linux kernel could allow local exploitation and remote code execution, leading to full system compromise.

TIPC is a peer-to-peer protocol used by nodes within a Linux cluster to communicate with each other in an optimized way; it enables various types of messages that are used for different purposes. According to SentinelOne’s SentinelLabs, the bug in question (CVE-2021-43267) specifically resides in a message type that allows nodes to send cryptographic keys to each other. When received, the keys can be used to decrypt further communications from the sending node.

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.