Critical RCE Vulnerability in Linux Kernel Let Hackers Compromise The Entire Systems Remotely

In the Transparent Inter-Process Communication (TIPC) module of the Linux kernel, a critical RCE vulnerability has been detected evenly, and it is a heap-overflow security vulnerability.

By, exploiting this security flaw, an attacker can easily compromise the entire system of its victim remotely. While this critical RCE vulnerability is detected by SentinelOne’s SentinelLabs, and it is tracked as CVE-2021-43267.

EHA

Linux TIPC Protocol & Vulnerability

To send cryptographic keys to each other, and once received the keys, then from the sending node it could be used to decrypt further communications. And this procedure becomes possible, since, the vulnerability, CVE-2021-43267 tenants in a message type that permits the nodes to send cryptographic keys.

To communicate with each other in an optimized way in the background within a Linux cluster a peer-to-peer protocol is used by the nodes, and this peer-to-peer protocol is known as TIPC Protocol.

A Vulnerability Researcher at SentinelOne, Max Van Amerongen stated:-

“When loaded by a user, [TIPC] can be used as a socket and can be configured on an interface as an unprivileged user. And all message construction and parsing are performed in the kernel.” This makes it an ideal target for attack. Here, the message size is correctly validated as greater than the header size, the payload size is validated against the maximum user message size, and the message size is validated against the actual received packet length.”

Exploitability of CVE-2021-43267

Hackers can exploit this critical vulnerability through both mediums:-

  • Remotely
  • Locally

Now, here, among these two mediums, the second one, “Local” exploitation of this security bug is much easier than the “Remote” one, as the greater control over the things earmarked in the kernel heap makes it possible. While in the case of “Remote” exploitation, hackers could achieve this by exploiting the structures that TIPC supports.

Patching the CVE-2021-43267

The Linux Kernel versions between 5.10 and 5.15 are vulnerable to this security flaw, and in all major Linux distributions the TIPC module comes prebuilt, so, by default, it remains “off,” where users have to enable it for an implementation to be exposed to attack.

But, here, all the users who are affected by this bug can implement the released patch, since the experts have recommended users immediately apply the patch to keep themselves protected.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates.

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.