Latest update for Linux Kernel addresses critical RCE security vulnerability: Exploits TICP Module to cause message heap overflow

Linux Security Vulnerability
Update Linux Kernel immediately to patch flawed TCICP Module. Pic credit: Luis Gomes/Pexels

Linux operating system users need to immediately update the core Kernel. The latest update, released on October 31, fixes a critical security vulnerability in the TICP Module.

A critical heap-overflow security vulnerability exists in the Transparent Inter-Process Communication (TIPC) module of the Linux kernel. It can allow local exploitation and Remote Code Execution. Simply put, the flaw can accord ROOT or SYSTEM privileges.

TICP Module vulnerable to heap overflow with new message type ‘MSG_CRYPTO’:

TIPC Module is essentially a peer-to-peer transport layer or protocol. Nodes within a Linux cluster use the same optimally communicate with each other.

The TIPC protocol is way better, efficient, and fault-tolerant than the prevalent protocols such as TCP. On its own, TIPC is still secure. However, the security vulnerability exists in a new message type called “MSG_CRYPTO“.

Introduced in September 2020, the message type enables peer nodes in the cluster to send cryptographic keys. Incidentally, the protocol has checks in place to validate such messages after decryption.

Simply put, the protocol ensures the packet’s actual payload size doesn’t exceed that of the maximum user message size. However, there were no restrictions on the length of the key (aka ‘keylen’) itself.

SentinelOne’s SentinelLabs discovered the critical flaw. Using the vulnerability, “an attacker can create a packet with a small body size to allocate heap memory, and then use an arbitrary size in the ‘keylen’ attribute to write outside the bounds of this location.”

The security vulnerability has a CVE-2021-43267 tracking tag. However, it has received a patch.

The latest update for the Linux Kernel addresses a critical security vulnerability:

The cybersecurity research company that discovered the flaw in the TICP Module has indicated no attacker seems to have exploited the same. In other words, the attackers might not be aware of the same, as there have been no ‘real-world attacks’ using this flaw.

Linux Kernel version 5.15 released on October 31, 2021, contains the patch for the flaw. The patch verifies that any supplied sizes in the message body are valid for the received message.

Speaking about the flaw, SentinelOne researcher Max Van Amerongen said: “While TIPC itself isn’t loaded automatically by the system but by end-users, the ability to configure it from an unprivileged local perspective and the possibility of remote exploitation makes this a dangerous vulnerability for those that use it in their networks.”

To protect themselves, affected Linux users should immediately apply the just-released patch as it adds appropriate size-verification checks to the process.

Subscribe
Notify of
guest

0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x