
Here we go again. Another obnoxious security bug, CVE-2022-0435, a remote stack overflow in the Linux kernel, was found by Appgate senior exploit developer Samuel Page while he was poking around at a Linux heap overflow security bug, CVE-2021-43267, from November 2021. Page’s discovery is a remotely and locally reachable stack overflow in the Linux kernel’s Transparent Inter-Process Communication (TIPC) protocol networking module.

TIPC, as the name says, is used for intracluster communications. Cluster topology is managed using the concept of nodes and links between these nodes. TIPC messages can be carried over either UDP or Ethernet. So far, so good.