Security Alert (A21-11-06): Vulnerability in Linux Operating Systems

Description:

A heap-overflow vulnerability was found in the Transparent Inter-Process Communication (TIPC) module of the Linux kernel.  A remote attacker could create a specially crafted TIPC message packet to exploit the vulnerability.

Affected Systems:

• Linux operating systems with kernel versions between 5.10 and 5.15

It is strongly recommended to consult the product vendors if the used Linux systems are affected.

Impact:

Successful exploitation could lead to remote code execution or denial of service on a vulnerable system.

Recommendation:

The vulnerability is fixed in some of the Linux distributions such as Debian and Ubuntu.  The following is only a sample list of Linux distributions that are affected.  The list is not exhaustive and it is strongly recommended to consult the product vendors if the used Linux systems are affected.  System administrators should check with their product vendors to confirm if their Linux systems are affected and the availability of patches, and if so, apply the patches or follow the recommendations provided by the product vendors to mitigate the risk.  System administrators should contact their product support vendors for the fixes and assistance.

• Debian
https://security-tracker.debian.org/tracker/CVE-2021-43267
• Ubuntu
https://ubuntu.com/security/CVE-2021-43267

More Information:

• https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.16
• https://www.hkcert.org/security-bulletin/linux-kernel-remote-code-execution-vulnerability_20211105
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43267