How to Fix CVE-2021-43267 | A Heap Overflow Vulnerability in Linux Kernel’s TIPC Module

Security researchers from SentinelLabs have discovered a new heap overflow vulnerability in the Linux kernel’s Transparent Inter Process Communication (TIPC) module. The vulnerability, tracked as CVE-2021-43267, can be exploited either locally or remotely within the network to execute arbitrary code within the kernel and compromise the entire machine. This post introduces the TIPC module in Linux and shows how to fix CVE-2021-43267, a heap overflow vulnerability in the Linux kernel’s TIPC module.

What Is Transparent Inter-process Communication?

In short, TIPC is an inter-process communication (IPC) service in Linux that operates between nodes across a cluster. If you want to learn about TIPC in detail, you can visit its official TIPC page.

The TIPC protocol ships as a kernel module in all major Linux distributions. When a user loads the TIPC module, the kernel uses TIPC as a socket, and it can be configured on a network interface to work in a low-privileged mode on top of the Ethernet protocol. Hosts communicate with each other by exchanging TIPC messages between their kernels.

The TIPC protocol operates in a way transparent to the user. Each TIPC packet is composed of a header and a payload. Each header will have two variables: Header Size and Message Size. Header Size denotes the size of the header, whereas Message Size denotes the total size of the packet.

The TIPC protocol has a function, ‘tipc_msg_validate’, that validates the Header Size and Message Size. This function performs three validations: 1. Message Size is greater than Header Size, 2. The TIPC packet payload size is validated against the maximum user message size, and 3. The Message Size is validated against the actual received packet length.

Overview of CVE-2021-43267- A Heap Overflow Vulnerability

The vulnerability begins with the introduction of a new user message, ‘MSG_CRYPTO,’ which allows peers to send cryptographic keys. When the MSG_CRYPTO message is received, the TIPC kernel module should copy this information (the name of the key algorithm along with the key) into the storage for that node. 

The most important part of this vulnerability lies in the Header Size calculation. As mentioned above, both Header Size and Message Size are validated against the actual packet size. The total Message Size should not exceed the range of the actual packet. The problem is that no checks are implemented to validate the size of the MSG_CRYPTO message against the total Message Size. This improper validation allows an attacker to create a packet with a small body size to allocate heap memory. For instance, an attacker can create a 20 byte packet and set the message size to 10 bytes without failing the check. Please check the detailed technical analysis in the original report published by SentinelLabs.

This heap overflow vulnerability can be exploited either locally or remotely within the network to execute arbitrary code within the kernel and compromise the entire machine.

Summary Of CVE-2021-43267- A Heap Overflow Vulnerability

Description: The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type.

Security-Database Scoring CVSS v3

Overall CVSS Score: 9.8
Base Score: 9.8
Impact Sub Score: 5.9
Exploitability Sub Score: 3.9
Attack Vector: Network
Privileges Required: None
Scope: Unchanged
Integrity Impact: High
Environmental Score: 9.8
Temporal Score: 9.8
Attack Complexity: Low
User Interaction: None
Confidentiality Impact: High
Availability Impact: High

Kernel Versions Affected with the Heap Overflow Vulnerability (CVE-2021-43267)

This heap overflow vulnerability (CVE-2021-43267) affects only TIPC users, who should ensure that their Linux kernel version is not between 5.10-rc1 and 5.14.16. Ubuntu published an advisory on Nov 02, 2021; see that advisory for details.

Vulnerable Kernel Versions:

between 5.10-rc1 and 5.14.16

Patched Kernel Version:

5.15

Not Affected Versions:

5.4.0-9.12
4.13.0-16.19
4.4.0-2.16
3.11.0-12.19

How To Fix CVE-2021-43267- A Heap Overflow Vulnerability In Linux Kernel’s TIPC Module?

This vulnerability has been patched in kernel v5.15 with two changes: 1. A validation function has been moved before the copy process takes place instead of after it, 2. A size overflow check has been added along with additional checks for the minimum packet size and the supplied key size. It is recommended to upgrade your kernel to v5.15 as soon as possible.
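
The size checks described above, and the checks the fix adds, can be modelled in user space. This is an added example, not kernel code and not code from the original post; the constants, the `sizes` struct and all function names are assumptions made for the model, and the inputs are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed constants for this model; not copied from the kernel source. */
#define MAX_USER_MSG 66000u      /* assumed maximum user message size */
#define KEY_FIXED    36u         /* assumed: algorithm name + key-length field */
#define KEY_MIN      16u         /* assumed smallest acceptable key */
#define KEY_MAX      32u         /* assumed largest acceptable key */
struct sizes { uint32_t hdr_size, msg_size, key_len; };  /* all peer-controlled */

/* The three generic checks the article lists for tipc_msg_validate. */
static bool generic_ok(const struct sizes *s, size_t rcv_len)
{
    return s->msg_size > s->hdr_size &&                  /* 1: message > header */
           s->msg_size - s->hdr_size <= MAX_USER_MSG &&  /* 2: payload <= maximum */
           s->msg_size <= rcv_len;                       /* 3: fits received packet */
}

/* Pre-fix model: key_len is never compared with the message body. */
static bool crypto_ok_unpatched(const struct sizes *s, size_t rcv_len)
{ return generic_ok(s, rcv_len); }

/* Post-fix model: every size is checked before any copy takes place. */
static bool crypto_ok_patched(const struct sizes *s, size_t rcv_len)
{
    if (!generic_ok(s, rcv_len)) return false;
    uint32_t body = s->msg_size - s->hdr_size;
    if (body < KEY_FIXED + KEY_MIN) return false;  /* minimum packet size */
    if (s->key_len > KEY_MAX) return false;        /* bound first: sum cannot wrap */
    return body == KEY_FIXED + s->key_len;         /* declared key must match body */
}

/* Bytes a key_len-sized copy would write past a buffer sized from the body. */
static uint32_t overrun(const struct sizes *s)
{
    uint32_t body = s->msg_size - s->hdr_size;
    uint32_t room = body > KEY_FIXED ? body - KEY_FIXED : 0;
    return s->key_len > room ? s->key_len - room : 0;
}

int main(void)
{
    struct sizes in[] = {{24, 76, 16}, {24, 76, 4096}};  /* constructed inputs */
    for (int i = 0; i < 2; i++)
        printf("pre=%d post=%d overrun=%u\n", crypto_ok_unpatched(&in[i], 76),
               crypto_ok_patched(&in[i], 76), overrun(&in[i]));
    return 0;
}
```

The second input passes all three generic checks yet declares a key far larger than its body, which is the gap the added size checks close.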

How To Upgrade Kernel On Your Linux?

There are multiple ways to update the kernel on Linux. The best, native way is to download and install a tested kernel package. Please contact your support team to choose the approach that works best for you. For demonstration, we show how to upgrade the kernel on Ubuntu or Debian servers in the native way.

How to upgrade kernel on Ubuntu?

Note: Before you download and install on your production server, we recommend testing this on a test machine. Don’t forget to take a full VM snapshot if you are upgrading the kernel on a virtual image, or take a filesystem backup if you have a physical server.

  1. Check the kernel version

    Before you start the upgrade, check which kernel version your server is running. If the kernel version is not in the list of affected versions, you can schedule the upgrade for a later time.

    Run this command to check the kernel version.

    $ uname -rs


  2. Download kernel modules 5.15

    Download the kernel packages directly from the kernel.ubuntu.com website. Download the latest version available (at the bottom of the page) to a dedicated directory, then set the execute permission on the files.

    Create a directory in your path:

    $ mkdir /home/arunkl/kernel-5.15

    Change the directory:

    $ cd /home/arunkl/kernel-5.15/

    Download these two files (where X.Y.Z is the highest version):

    1. linux-image-*X.Y.Z*-generic-*.deb
    2. linux-modules-X.Y.Z*-generic-*.deb


    Commands to download the kernel v5.15

    $ wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.15/amd64/linux-image-unsigned-5.15.0-051500-generic_5.15.0-051500.202110312130_amd64.deb


    $ wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.15/amd64/linux-modules-5.15.0-051500-generic_5.15.0-051500.202110312130_amd64.deb


    Run this command to set the files permission to execution mode:

    $ chmod +x *.deb


  3. Install kernel module 5.15

    Install the downloaded packages using the default dpkg utility then reboot the server.

    $ sudo dpkg --install *.deb
    $ sudo reboot


  4. Check the kernel version after reboot

    Use the same command used in the first step. You will see upgraded kernel version if everything goes well.

    $ uname -rs



How To Fix CVE-2021-43267 On RedHat And CentOS?

Red Hat did not release patches for this vulnerability because the latest kernel version Red Hat supports is 4.18.0-305, which falls in the not-affected category.

Kernel Version Supported in Red Hat Enterprise Linux 8

Release | General Availability Date | redhat-release Errata Date* | Kernel Version
RHEL 8.4 | 2021-05-18 | 2021-05-18 RHSA-2021:1578 | 4.18.0-305
RHEL 8.3 | 2020-11-03 | 2020-11-03 RHBA-2020:4495 | 4.18.0-240
RHEL 8.2 | 2020-04-28 | 2020-04-28 RHBA-2020:1758 | 4.18.0-193
RHEL 8.1 | 2019-11-05 | 2019-11-05 RHBA-2019:3543 | 4.18.0-147
RHEL 8 | 2019-05-07 | - | 4.18.0-80

Red Hat Enterprise Linux 7

Release | General Availability Date | redhat-release Errata Date* | Kernel Version
RHEL 7.9 | 2020-09-29 | 2020-09-29 RHBA-2020:3849 | 3.10.0-1160
RHEL 7.8 | 2020-03-31 | 2020-03-31 RHBA-2020:1033 | 3.10.0-1127
RHEL 7.7 | 2019-08-06 | 2019-08-06 RHBA-2019:2351 | 3.10.0-1062
RHEL 7.6 | 2018-10-30 | 2018-10-30 RHBA-2018:3014 | 3.10.0-957
RHEL 7.5 | 2018-04-10 | 2018-04-10 RHEA-2018:0700 | 3.10.0-862
RHEL 7.4 | 2017-07-31 | 2017-07-31 RHBA-2017:1850 | 3.10.0-693
RHEL 7.3 | 2016-11-03 | 2016-11-03 RHEA-2016-2544 | 3.10.0-514
RHEL 7.2 | 2015-11-19 | 2015-11-19 RHEA-2015:2461 | 3.10.0-327
RHEL 7.1 | 2015-03-05 | 2015-03-05 RHEA-2015:0524 | 3.10.0-229
RHEL 7.0 GA | 2014-06-09 | - | 3.10.0-123
RHEL 7.0 Beta | 2013-12-11 | - | 3.10.0-54.0.1

Check the latest kernel versions for older RHEL here.

We hope this post will help you in knowing How to Fix CVE-2021-43267- A Heap Overflow Vulnerability in Linux Kernel’s TIPC Module. Thanks for reading this threat post.

About the author

Arun KL

Hi All, I am Arun KL, an IT Security Professional. Founder of “thesecmaster.com”. Enthusiast, Security Blogger, Technical Writer, Editor, Author at TheSecMaster. To know more about me, follow me on LinkedIn.
