1192341 – (CVE-2021-43267) VUL-1: CVE-2021-43267: kernel-source-rt,kernel-source,kernel-source-azure: The TIPC functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type

Bug 1192341 (CVE-2021-43267) - VUL-1: CVE-2021-43267: kernel-source-rt,kernel-source,kernel-source-azure: The TIPC functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type

Summary: VUL-1: CVE-2021-43267: kernel-source-rt,kernel-source,kernel-source-azure: Th...

Status:	RESOLVED FIXED

Alias:	CVE-2021-43267

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P1 - Urgent Severity: Critical
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/314118/
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2021-11-04 11:50 UTC by Gianluca Gabrielli
Modified:	2024-06-25 16:25 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Gianluca Gabrielli 2021-11-04 11:50:44 UTC

An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16.
The Transparent Inter-Process Communication (TIPC) functionality allows remote
attackers to exploit insufficient validation of user-supplied sizes for the
MSG_CRYPTO message type.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43267
https://github.com/torvalds/linux/commit/fa40d9734a57bcbfa79a280189799f76c88f7bb0
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.16

Comment 1 Gianluca Gabrielli 2021-11-04 11:52:03 UTC

Affected branch:
 - SLE15-SP4

branch with fix:
 - stable

Fix commit: fa40d9734a57bcbfa79a280189799f76c88f7bb0

Comment 2 Takashi Iwai 2021-11-04 13:10:02 UTC

The fix is already included in SLE15-SP4 branch via stable 5.14.16.  I updated the patch reference accordingly.

The stable/master branches have been already moved to 5.15, which already contains the fix.

Reassigned back to security team.

Comment 3 Gianluca Gabrielli 2021-11-04 13:40:45 UTC

Thank you