Headline
CVE-2021-43267: tipc: fix size validations for the MSG_CRYPTO type · torvalds/linux@fa40d97
An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type.
Permalink
Browse files
tipc: fix size validations for the MSG_CRYPTO type
The function tipc_crypto_key_rcv is used to parse MSG_CRYPTO messages to receive keys from other nodes in the cluster in order to decrypt any further messages from them. This patch verifies that any supplied sizes in the message body are valid for the received message.
Fixes: 1ef6f7c (“tipc: add automatic session key exchange”) Signed-off-by: Max VA [email protected] Acked-by: Ying Xue [email protected] Signed-off-by: Greg Kroah-Hartman [email protected] Acked-by: Jon Maloy [email protected] Signed-off-by: David S. Miller [email protected]
- Loading branch information
Related news
A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network.
Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel