Critical RCE Vulnerability Reported in Linux Kernel's TIPC Module


Level 85
Thread author
Top poster
Content Creator
Malware Hunter
Aug 17, 2014
Cybersecurity researchers have disclosed a security flaw in the Linux Kernel's Transparent Inter Process Communication (TIPC) module that could potentially be leveraged both locally as well as remotely to execute arbitrary code within the kernel and take control of vulnerable machines.

The heap overflow vulnerability "can be exploited locally or remotely within a network to gain kernel privileges, and would allow an attacker to compromise the entire system," cybersecurity firm SentinelOne said in a report published today and shared with The Hacker News.

TIPC is a transport layer protocol designed for nodes running in dynamic cluster environments to reliably communicate with each other in a manner that's more efficient and fault-tolerant than other protocols such as TCP. The vulnerability identified by SentinelOne has to do with a new message type called "MSG_CRYPTO" that was introduced in September 2020 and enables peer nodes in the cluster to send cryptographic keys.
There is no evidence that the flaw has been abused in real-world attacks to date, and following responsible disclosure on October 19, the issue has been addressed in Linux Kernel version 5.15 released on October 31, 2021.