Bug 2020362 (CVE-2021-43267) - CVE-2021-43267 kernel: Insufficient validation of user-supplied sizes for the MSG_CRYPTO message type
Status: CLOSED ERRATA
Alias: CVE-2021-43267
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact: Li Shuang
Depends On: 2020493 2020503 2020504 2020505 2020506 2020507 2020508 2020509 2020510 2020511 2020512 2020513 2020561 2020562 2021785
Blocks: 2020364
Reported: 2021-11-04 16:37 UTC by Pedro Sampaio
Modified: 2025-04-04 13:25 UTC (History)

Last Closed: 2021-11-19 19:50:44 UTC
Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2021:4644 0 None None None 2021-11-15 10:52:50 UTC
Red Hat Product Errata RHSA-2021:4645 0 None None None 2021-11-15 10:44:48 UTC
Red Hat Product Errata RHSA-2021:4646 0 None None None 2021-11-15 10:10:28 UTC
Red Hat Product Errata RHSA-2021:4647 0 None None None 2021-11-15 11:21:04 UTC
Red Hat Product Errata RHSA-2021:4648 0 None None None 2021-11-15 10:13:21 UTC
Red Hat Product Errata RHSA-2021:4650 0 None None None 2021-11-15 11:06:17 UTC
Red Hat Product Errata RHSA-2021:4750 0 None None None 2021-11-19 19:21:53 UTC

Description Pedro Sampaio 2021-11-04 16:37:27 UTC
A flaw was found in the Transparent Inter-Process Communication (TIPC) functionality in the Linux kernel. This flaw can allow an attacker able to send MSG_CRYPTO messages to one of the interconnected nodes to exploit insufficient validation of user-supplied key sizes resulting in memory corruption and potentially privilege escalation.

References:

https://github.com/torvalds/linux/commit/fa40d9734a57bcbfa79a280189799f76c88f7bb0
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.16
https://thehackernews.com/2021/11/critical-rce-vulnerability-reported-in.html

Comment 4 Wade Mealing 2021-11-05 05:41:05 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2020493]

Comment 8 juneau 2021-11-05 13:14:13 UTC
Per SRE, OSD is not affected. "it isn't loaded by default and you'd need to run a priv'd container to get CAP_SYS_MODULE to be able to load it."

Comment 12 errata-xmlrpc 2021-11-15 10:10:24 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:4646 https://access.redhat.com/errata/RHSA-2021:4646

Comment 13 errata-xmlrpc 2021-11-15 10:13:17 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2021:4648 https://access.redhat.com/errata/RHSA-2021:4648

Comment 14 errata-xmlrpc 2021-11-15 10:44:44 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:4645 https://access.redhat.com/errata/RHSA-2021:4645

Comment 15 errata-xmlrpc 2021-11-15 10:52:46 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2021:4644 https://access.redhat.com/errata/RHSA-2021:4644

Comment 16 errata-xmlrpc 2021-11-15 11:06:13 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2021:4650 https://access.redhat.com/errata/RHSA-2021:4650

Comment 17 errata-xmlrpc 2021-11-15 11:21:01 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:4647 https://access.redhat.com/errata/RHSA-2021:4647

Comment 18 errata-xmlrpc 2021-11-19 19:21:49 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 8

Via RHSA-2021:4750 https://access.redhat.com/errata/RHSA-2021:4750

Comment 19 Product Security DevOps Team 2021-11-19 19:50:39 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-43267

