This might be a good time to patch your Linux kernel


Cybersecurity researchers helped fix a critical heap overflow vulnerability in the Linux kernel that could be exploited locally or through remote code execution (RCE) to compromise vulnerable Linux machines. Discovered by SentinelLabs researcher Max Van Amerongen, the vulnerability, tracked as CVE-2021-43267, lives in the kernel's Transparent Inter-Process Communication (TIPC) module, specifically in a message type that lets nodes send cryptographic keys to each other. "This vulnerability can be exploited both locally and remotely. While local exploitation is easier due to better control over allocated objects on the kernel heap, remote exploitation can be achieved via TIPC-compliant frameworks," notes Amerongen. Because the affected message type is relatively new, the bug only exists in kernel versions between v5.10 and v5.15.

Caught in less than a year

The researcher explains that the vulnerable message type, MSG_CRYPTO, was introduced in September 2020 to exchange cryptographic keys. Amerongen found, however, that although the message type sets several key-transfer fields, some of them are never checked or validated. This oversight could, for example, allow an attacker to craft a packet whose small body size first causes a small heap allocation, and then use an arbitrary size in an unvalidated attribute to write out of bounds from that location, Amerongen says. Perhaps the only thing keeping the vulnerability from being exploited in the wild is that, while the TIPC module ships with all major Linux distributions, it is not enabled by default, and attackers need it loaded to take advantage of the flaw. Either way, a patch that adds proper size validation to the message processing has been released, and it has already been merged into the Linux 5.15 Long Term Support (LTS) release.
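The class of check the patch adds, shown as an added example constructed for this article rather than the kernel's own TIPC code: a toy receive routine for a key message whose body is assumed to be `[4-byte big-endian key length][key bytes]`, which cross-checks the sender-controlled length against the actual body size and a fixed maximum before copying anything. The function names, the constants and the message layout are all assumptions; `build_key_msg` only exists to construct sample messages for the demonstration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed illustration of the length-consistency check described above.
 * This is NOT the kernel's TIPC code; names, limits and the message layout
 * are assumptions made for the example.
 *
 * Assumed body layout: [4-byte big-endian key_len][key_len bytes of key]
 */
#define KEY_HDR_LEN   4     /* size of the declared-length field */
#define MIN_KEY_LEN   16    /* assumed smallest acceptable key */
#define MAX_KEY_LEN   64    /* assumed largest acceptable key */

enum rcv_status {
    RCV_OK = 0,
    RCV_ERR_BODY_SHORT,    /* body too small to even hold a minimal key */
    RCV_ERR_KEY_TOO_LONG,  /* declared key length exceeds the fixed cap */
    RCV_ERR_KEY_TOO_SHORT, /* declared key length below the minimum */
    RCV_ERR_LEN_MISMATCH   /* declared length disagrees with the body size */
};

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Hardened receive path. The unpatched pattern the article describes sized a
 * heap buffer from the body and then copied key_len bytes taken from the body
 * itself; here every sender-controlled length is cross-checked before any
 * copy, so a small body carrying a large declared key_len is rejected. */
enum rcv_status key_rcv_checked(const uint8_t *body, size_t body_len,
                                uint8_t *out, size_t out_cap, size_t *out_len)
{
    if (body_len < KEY_HDR_LEN + MIN_KEY_LEN)
        return RCV_ERR_BODY_SHORT;

    uint32_t key_len = be32(body);
    if (key_len > MAX_KEY_LEN || key_len > out_cap)
        return RCV_ERR_KEY_TOO_LONG;
    if (key_len < MIN_KEY_LEN)
        return RCV_ERR_KEY_TOO_SHORT;
    /* The core of the fix: the declared length must match what was received. */
    if ((size_t)key_len + KEY_HDR_LEN != body_len)
        return RCV_ERR_LEN_MISMATCH;

    memcpy(out, body + KEY_HDR_LEN, key_len);
    *out_len = key_len;
    return RCV_OK;
}

/* Demo helper: build a constructed message that declares `declared_len` but
 * actually carries `key_bytes` bytes of filler. Returns the body length
 * (0 if the buffer is too small). */
size_t build_key_msg(uint8_t *buf, size_t cap, uint32_t declared_len, size_t key_bytes)
{
    if (cap < KEY_HDR_LEN + key_bytes)
        return 0;
    buf[0] = (uint8_t)(declared_len >> 24);
    buf[1] = (uint8_t)(declared_len >> 16);
    buf[2] = (uint8_t)(declared_len >> 8);
    buf[3] = (uint8_t)(declared_len);
    memset(buf + KEY_HDR_LEN, 0x41, key_bytes);
    return KEY_HDR_LEN + key_bytes;
}

int main(void)
{
    uint8_t buf[128], out[MAX_KEY_LEN];
    size_t n = 0, len;

    /* Honest message: declares 16 bytes of key and carries 16. */
    len = build_key_msg(buf, sizeof buf, 16, 16);
    printf("honest:   status %d, key bytes %zu\n",
           key_rcv_checked(buf, len, out, sizeof out, &n), n);

    /* The bug class from the article: small body, oversized declared length. */
    len = build_key_msg(buf, sizeof buf, 32, 16);
    printf("mismatch: status %d\n", key_rcv_checked(buf, len, out, sizeof out, &n));
    return 0;
}
```

The order of the checks matters: the minimum-body test runs before the declared length is even read, so a truncated message can never cause an over-read of the header, and the cap test runs before the equality test so an absurd declared length is refused without arithmetic on it.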