Vulnerability Name:

CVE-2021-43267 (CCN-212773)

Assigned: 2021-10-19
Published: 2021-10-19
Updated: 2022-11-03
Summary: An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type.
CVSS v3 Severity: 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
8.8 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.7 High (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Adjacent
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-20
Vulnerability Consequences: Gain Access
References: Source: MITRE
Type: CNA
CVE-2021-43267

Source: CCN
Type: The Linux Kernel Archives Web site
The Linux Kernel Archives

Source: MLIST
Type: Exploit, Mailing List, Third Party Advisory
[oss-security] 20220210 CVE-2022-0435: Remote Stack Overflow in Linux Kernel TIPC Module since 4.8 (net/tipc)

Source: MISC
Type: Mailing List, Release Notes, Vendor Advisory
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.16

Source: XF
Type: UNKNOWN
linux-kernel-cve202143267-bo(212773)

Source: CCN
Type: Linux Kernel GIT Repository
tipc: fix size validations for the MSG_CRYPTO type

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/torvalds/linux/commit/fa40d9734a57bcbfa79a280189799f76c88f7bb0

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-bdd146e463

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-a093973910

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20211125-0002/

Source: CCN
Type: The Hacker News Web site
Critical RCE Vulnerability Reported in Linux Kernel's TIPC Module

Source: CCN
Type: SentinelOne Web site
CVE-2021-43267: Remote Linux Kernel Heap Overflow | TIPC Module Allows Arbitrary Code Execution

Vulnerable Configuration: Configuration 1:
  • cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:* (Version >= 5.10 and < 5.10.77)
  • OR cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:* (Version >= 5.11 and < 5.14.16)

  • Configuration 2:
  • cpe:/o:fedoraproject:fedora:34:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:35:*:*:*:*:*:*:*

  • Configuration 3:
  • cpe:/o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:netapp:h300s:-:*:*:*:*:*:*:*

  • Configuration 4:
  • cpe:/o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:netapp:h500s:-:*:*:*:*:*:*:*

  • Configuration 5:
  • cpe:/o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:netapp:h700s:-:*:*:*:*:*:*:*

  • Configuration 6:
  • cpe:/o:netapp:h300e_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:netapp:h300e:-:*:*:*:*:*:*:*

  • Configuration 7:
  • cpe:/o:netapp:h500e_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:netapp:h500e:-:*:*:*:*:*:*:*

  • Configuration 8:
  • cpe:/o:netapp:h700e_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:netapp:h700e:-:*:*:*:*:*:*:*

  • Configuration 9:
  • cpe:/o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:netapp:h410s:-:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

  • Configuration RedHat 3:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

  • Configuration RedHat 4:
  • cpe:/a:redhat:enterprise_linux:8::nfv:*:*:*:*:*

  • Configuration RedHat 5:
  • cpe:/a:redhat:enterprise_linux:8::realtime:*:*:*:*:*

  • Configuration RedHat 6:
  • cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/o:linux:linux_kernel:5.10:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:5.10.4:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:5.10.11:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:5.11.3:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:5.11.6:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:5.11.8:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:5.11:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:5.11.10:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:5.11.2:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:5.11.11:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:5.12.0:rc3:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:5.12:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:5.12.2:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:5.12.10:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:5.12.11:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:5.13.4:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:5.13.7:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:5.14:rc2:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:5.13:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:5.14:rc6:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:5.14:rc4:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:5.13.13:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:5.14:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:5.14.6:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:5.14.9:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:5.14.13:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:5.14.14:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:8029 | P | kernel-docs-5.14.21-150500.53.2 on GA media (Moderate) | 2023-06-20
    oval:org.opensuse.security:def:8090 | P | reiserfs-kmp-default-5.14.21-150500.53.2 on GA media (Moderate) | 2023-06-12
    oval:org.opensuse.security:def:7539 | P | kernel-64kb-5.14.21-150500.53.2 on GA media (Moderate) | 2023-06-12
    oval:org.opensuse.security:def:3567 | P | libXtst6-1.2.2-7.1 on GA media (Moderate) | 2022-06-28
    oval:org.opensuse.security:def:3398 | P | wpa_supplicant-2.6-15.10.1 on GA media (Moderate) | 2022-06-28
    oval:org.opensuse.security:def:3448 | P | busybox-1.21.1-3.3 on GA media (Moderate) | 2022-06-28
    oval:org.opensuse.security:def:3453 | P | clamav-0.101.3-1.19 on GA media (Moderate) | 2022-06-28
    oval:org.opensuse.security:def:95083 | P | kernel-azure-5.14.21-150400.12.1 on GA media (Moderate) | 2022-06-22
    oval:org.opensuse.security:def:94590 | P | kernel-64kb-5.14.21-150400.22.1 on GA media (Moderate) | 2022-06-22
    oval:org.opensuse.security:def:95197 | P | kernel-default-extra-5.14.21-150400.22.1 on GA media (Moderate) | 2022-06-22
    oval:org.opensuse.security:def:95028 | P | kernel-docs-5.14.21-150400.22.1 on GA media (Moderate) | 2022-06-22
    oval:org.opensuse.security:def:95078 | P | reiserfs-kmp-default-5.14.21-150400.22.1 on GA media (Moderate) | 2022-06-22
    oval:org.opensuse.security:def:2960 | P | kernel-64kb-5.14.21-150400.22.1 on GA media (Moderate) | 2022-06-22
    oval:com.redhat.rhsa:def:20214645 | P | RHSA-2021:4645: kpatch-patch security update (Important) | 2021-11-15
    oval:com.redhat.rhsa:def:20214646 | P | RHSA-2021:4646: kernel-rt security and bug fix update (Important) | 2021-11-15
    oval:com.redhat.rhsa:def:20214647 | P | RHSA-2021:4647: kernel security update (Important) | 2021-11-15