19 matches found

F5 Networks
added 2023/02/21 6:49 p.m., 79 views

K20072454: Linux kernel vulnerability CVE-2021-43267

Security Advisory Description: An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type...

CVSS 9.8, AI score 7.2, EPSS 0.72624
Exploits: 2, Affected Software: 1

Tenable Nessus
added 2022/02/09 12:0 a.m., 138 views

Rocky Linux 8 : kernel-rt (RLSA-2021:4646)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4646 advisory. - A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to be missing in the timerqueue_add function in lib/timerqueue.c...

CVSS 9.8, AI score 6.8, EPSS 0.72624
Exploits: 2, References: 5

Tenable Nessus
added 2022/02/09 12:0 a.m., 123 views

Rocky Linux 8 : kernel (RLSA-2021:4647)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4647 advisory. - A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to be missing in the timerqueue_add function in lib/timerqueue.c...

CVSS 9.8, AI score 6.8, EPSS 0.72624
Exploits: 2, References: 5

Tenable Nessus
added 2022/02/09 12:0 a.m., 45 views

AlmaLinux 8 : kernel (ALSA-2021:4647)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:4647 advisory. - A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to be missing in the timerqueue_add function in lib/timerqueue.c. Thi...

CVSS 9.8, AI score 6.8, EPSS 0.72624
Exploits: 2, References: 3

Ubuntu
added 2022/01/05 5:3 p.m., 125 views

USN-5207-1: Linux kernel (OEM) vulnerabilities

Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages. (CVE-2021-4002) It was discovered that the eBPF implementation in the Linux...

CVSS 9.8, AI score 7.3, EPSS 0.72624
Exploits: 3

Veracode
added 2021/11/28 12:40 a.m., 50 views

Information Disclosure

kernel is vulnerable to information disclosure. The vulnerability exists in the transparent inter-process communication functionality in net/tipc/crypto.c, allowing an attacker to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type...

CVSS 9.8, AI score 3.2, EPSS 0.72624
Exploits: 2, References: 11, Affected Software: 3

Tenable Nessus
added 2021/11/16 12:0 a.m., 109 views

RHEL 8 : kpatch-patch (RHSA-2021:4644)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:4644 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security Fixe...

CVSS 9.8, AI score 7.3, EPSS 0.72624
Exploits: 2, References: 4

RedHat Linux
added 2021/11/15 11:19 a.m., 45 views

Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS 9.8, AI score 6.8, EPSS 0.72624
Exploits: 2, References: 4

RedHat Linux
added 2021/11/15 10:58 a.m., 46 views

Important: Red Hat Security Advisory: kpatch-patch security update

An update is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 9.8, AI score 7, EPSS 0.72624
Exploits: 2, References: 2

RedHat Linux
added 2021/11/15 10:48 a.m., 72 views

Important: Red Hat Security Advisory: kpatch-patch security update

An update is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links...

CVSS 9.8, AI score 7, EPSS 0.72624
Exploits: 2, References: 2

RedHat Linux
added 2021/11/15 10:17 a.m., 44 views

Important: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available f...

CVSS 9.8, AI score 7, EPSS 0.72624
Exploits: 2, References: 4

OSV
added 2021/11/15 9:57 a.m., 31 views

ALSA-2021:4647 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Insufficient validation of user-supplied sizes for the MSG_CRYPTO message type (CVE-2021-43267); kernel: timer tree corruption leads to missing wakeup and system freeze (CVE-2021-20317). For mor...

CVSS 9.8, AI score 7.6, EPSS 0.72624
Exploits: 2, References: 2

OSV
added 2021/11/15 9:57 a.m., 33 views

RLSA-2021:4647 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Insufficient validation of user-supplied sizes for the MSG_CRYPTO message type (CVE-2021-43267); kernel: timer tree corruption leads to missing wakeup and system freeze (CVE-2021-20317). For mor...

CVSS 8.8, AI score 7.7, EPSS 0.72624
Exploits: 2, References: 3

OSV
added 2021/11/15 9:56 a.m., 28 views

RLSA-2021:4646 Important: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: Insufficient validation of user-supplied sizes for the MSG_CRYPTO message type (CVE-2021-43267); kernel: timer tree corruption leads t...

CVSS 8.8, AI score 8, EPSS 0.72624
Exploits: 2, References: 3

The Hacker News
added 2021/11/04 12:9 p.m., 240 views

Critical RCE Vulnerability Reported in Linux Kernel's TIPC Module

Cybersecurity researchers have disclosed a security flaw in the Linux Kernel's Transparent Inter Process Communication (TIPC) module that could potentially be leveraged both locally as well as remotely to execute arbitrary code within the kernel and take control of vulnerable machines. Tracked as...

CVSS 9.8, AI score 8.4, EPSS 0.72624
Exploits: 2

CNVD
added 2021/11/04 12:0 a.m., 6 views

Linux kernel input validation error vulnerability (CNVD-2021-87041)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in versions of Linux kernel prior to 5.14.16 that stems from insufficient application validation of the size of the MSG_CRYPTO message type. No...

CVSS 9.8, AI score 6.6, EPSS 0.72624
Exploits: 2, References: 1

Prion
added 2021/11/02 11:15 p.m., 29 views

Input validation

An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type...

CVSS 7.5, AI score 8.9, EPSS 0.72624
Exploits: 2, References: 6, Affected Software: 2

Debian CVE
added 2021/11/02 10:13 p.m., 54 views

CVE-2021-43267

An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type...

CVSS 9.8, AI score 6.8, EPSS 0.72624
Exploits: 2

CVE
added 2021/11/02 10:13 p.m., 428 views

CVE-2021-43267

The CVE-2021-43267 issue affects the Linux kernel up to version 5.14.16 in the TIPC crypto path (net/tipc/crypto.c). The vulnerability arises from insufficient validation of user-supplied sizes for the MSG_CRYPTO message type, enabling remote attackers to potentially corrupt memory or escalate pr...

CVSS 9.8, AI score 6.8, EPSS 0.72624
Exploits: 2, References: 6, Affected Software: 1