Security researchers have discovered a heap overflow vulnerability in the Transparent Inter-Process Communication (TIPC) module of the kernel of Linux operating systems. Hackers could exploit the vulnerability locally or remotely within a network to gain kernel privileges.
Researchers at SentinelLabs said the vulnerable TIPC module is included in all common Linux distributions but the user must load it to activate the protocol. By exploiting the vulnerability, attackers can compromise the entire system, potentially leading to grave consequences.
TIPC is a protocol that enables the nodes in a cluster to communicate efficiently while remaining fault-tolerant. The protocol is implemented in a kernel module that is included in all common Linux distributions. When loaded by a user, it can be used as a socket and configured as an unprivileged user on an interface with netlink (or with the userspace tool tipc, which makes these netlink calls).
In September 2020, a new user message type called MSG_CRYPTO was introduced. This enables the sending and exchanging of cryptographic keys, which is the origin of the flaw.
The possibility of configuration starting from an unprivileged local level and the risk of exploitation from a distance make this a hazardous weak point for all those who use affected systems in their networks. It is particularly worrying that an attacker who exploited this vulnerability could execute arbitrary code within the kernel, potentially resulting in outsiders completely compromising the system.
RELATED RESOURCE
ITSM workflow handbook: No more "If only IT could do X"
What you need to deliver resilient AI-powered service operations that delight employees
“As for the data being overwritten, at first glance it may look like the overflow will have uncontrolled data, since the actual message size used to allocate the heap location is verified,” said researchers.
“However, a second look at the message validation function shows that it only checks that the message size in the header is within the bounds of the actual packet. That means that an attacker could create a 20-byte packet and set the message size to 10 bytes without failing the check.”
On October 19, SentinelLabs reported the findings. In cooperation with the Linux Foundation and one of the TIPC managers, the security researchers created a patch that has been available since October 29th and has been available in current Linux versions (after 5.15) since October 31st.
As the vulnerability was discovered within a year of its introduction to the code base, TIPC users should check whether their Linux kernel version is between 5.10-rc1 and 5.15 and, if necessary, update it.
As of this writing, SentinelOne has not found any evidence of cyber criminals’ successful misuse of the protocol.
-
Microsoft quietly launched an AI agent that can detect and reverse engineer malwareNews Researchers say the tool is already achieving the “gold standard” in malware classification
-
AWS CEO Matt Garman just said what everyone is thinking about AI replacing software developersNews Junior developers aren’t going anywhere, according to AWS CEO Matt Garman
-
Flaw in Lenovo’s customer service AI chatbot could let hackers run malicious code, breach networksNews Hackers abusing the Lenovo flaw could inject malicious code with just a single prompt
-
Industry welcomes the NCSC’s new Vulnerability Research Initiative – but does it go far enough?News The cybersecurity agency will work with external researchers to uncover potential security holes in hardware and software
-
Hackers are targeting Ivanti VPN users again – here’s what you need to knowNews Ivanti has re-patched a security flaw in its Connect Secure VPN appliances that's been exploited by a China-linked espionage group since at least the middle of March.
-
Broadcom issues urgent alert over three VMware zero-daysNews The firm says it has information to suggest all three are being exploited in the wild
-
Nakivo backup flaw still present on some systems months after firms’ ‘silent patch’, researchers claimNews Over 200 vulnerable Nakivo backup instances have been identified months after the firm silently patched a security flaw.
-
Everything you need to know about the Microsoft Power Pages vulnerabilityNews A severe Microsoft Power Pages vulnerability has been fixed after cyber criminals were found to have been exploiting unpatched systems in the wild.
-
Vulnerability management complexity is leaving enterprises at serious riskNews Fragmented data and siloed processes mean remediation is taking too long
-
A critical Ivanti flaw is being exploited in the wild – here’s what you need to knowNews Cyber criminals are actively exploiting a critical RCE flaw affecting Ivanti Connect Secure appliances
