Vulnerability CVE-2021-43267: Information
Description
An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type.
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
kernel-image-mp | sisyphus | 5.14.16-alt1 | 6.8.4-alt1 | ALT-PU-2021-3220-1 | 288803 | Fixed |
kernel-image-mp | p10 | 6.1.19-alt1 | 6.1.19-alt1 | ALT-PU-2023-4894-3 | 327092 | Fixed |
kernel-image-rpi-def | sisyphus | 5.10.81-alt1 | 5.15.92-alt2 | ALT-PU-2021-3451-1 | 291010 | Fixed |
kernel-image-rpi-def | p10 | 5.10.81-alt1 | 5.15.92-alt2 | ALT-PU-2021-3458-1 | 291190 | Fixed |
kernel-image-rpi-def | p9 | 5.10.81-alt1 | 5.10.81-alt1 | ALT-PU-2021-3468-1 | 291222 | Fixed |
kernel-image-rpi-un | sisyphus | 5.15.6-alt1 | 6.6.23-alt1 | ALT-PU-2021-3563-1 | 292137 | Fixed |
kernel-image-rpi-un | p10 | 5.15.6-alt1 | 6.1.77-alt1 | ALT-PU-2021-3573-1 | 292365 | Fixed |
kernel-image-rt | sisyphus | 5.10.78-alt1.rt56 | 6.1.83-alt1.rt28 | ALT-PU-2021-3444-1 | 291155 | Fixed |
kernel-image-rt | p10 | 5.10.78-alt1.rt56 | 5.10.215-alt1.rt107 | ALT-PU-2021-3477-1 | 291174 | Fixed |
kernel-image-std-debug | sisyphus | 5.10.82-alt1 | 6.1.87-alt1 | ALT-PU-2021-3376-1 | 290642 | Fixed |
kernel-image-std-def | sisyphus | 5.10.77-alt1 | 6.1.87-alt1 | ALT-PU-2021-3230-1 | 288849 | Fixed |
kernel-image-std-def | p10 | 5.10.79-alt1 | 5.10.213-alt1 | ALT-PU-2021-3309-1 | 289747 | Fixed |
kernel-image-std-def | c9f2 | 5.10.78-alt0.c9f.2 | 5.10.214-alt0.c9f.2 | ALT-PU-2021-3282-1 | 289377 | Fixed |
kernel-image-std-kvm | sisyphus | 5.10.77-alt1 | 5.10.176-alt1 | ALT-PU-2021-3233-1 | 288868 | Fixed |
kernel-image-un-def | sisyphus | 5.14.16-alt1 | 6.6.28-alt1 | ALT-PU-2021-3232-1 | 288857 | Fixed |
kernel-image-un-def | sisyphus_riscv64 | 5.16.8-alt1.rv64 | 6.6.28-alt1.0.port | ALT-PU-2022-3985-1 | - | Fixed |
kernel-image-un-def | p10 | 5.14.17-alt1 | 6.1.85-alt1 | ALT-PU-2021-3270-1 | 289225 | Fixed |
kernel-image-un-def | p9 | 5.10.78-alt1 | 5.10.215-alt1 | ALT-PU-2021-3268-1 | 289223 | Fixed |
kernel-image-un-def | c10f1 | 5.14.17-alt1 | 6.1.85-alt0.c10f.1 | ALT-PU-2021-3270-1 | 289225 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://github.com/torvalds/linux/commit/fa40d9734a57bcbfa79a280189799f76c88f7bb0 |
|
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.16 |
|
https://security.netapp.com/advisory/ntap-20211125-0002/ |
|
[oss-security] 20220210 CVE-2022-0435: Remote Stack Overflow in Linux Kernel TIPC Module since 4.8 (net/tipc) |
|
FEDORA-2021-a093973910 | |
FEDORA-2021-bdd146e463 |