
Vulnerability in Linux kernel could let hackers remotely take over systems

Heap overflow attacks can exploit TIPC module in all common Linux distributions


Security researchers have discovered a heap overflow vulnerability in the Transparent Inter-Process Communication (TIPC) module of the kernel of Linux operating systems. Hackers could exploit the vulnerability locally or remotely within a network to gain kernel privileges.

Researchers at SentinelLabs said the vulnerable TIPC module is included in all common Linux distributions but the user must load it to activate the protocol. By exploiting the vulnerability, attackers can compromise the entire system, potentially leading to grave consequences. 

TIPC is a protocol that enables the nodes in a cluster to communicate efficiently while remaining fault-tolerant. The protocol is implemented in a kernel module that is included in all common Linux distributions. Once a user has loaded the module, TIPC can be used as a socket and can be configured on an interface by an unprivileged user with netlink (or with the userspace tool tipc, which makes these netlink calls).

In September 2020, a new user message type called MSG_CRYPTO was introduced. This enables the sending and exchanging of cryptographic keys, which is the origin of the flaw. 

Because TIPC can be configured by an unprivileged local user and the flaw can also be exploited remotely, this is a hazardous weak point for anyone who uses affected systems in their networks. It is particularly worrying that an attacker who exploited this vulnerability could execute arbitrary code within the kernel, potentially resulting in outsiders completely compromising the system.


“As for the data being overwritten, at first glance it may look like the overflow will have uncontrolled data, since the actual message size used to allocate the heap location is verified,” said researchers.

“However, a second look at the message validation function shows that it only checks that the message size in the header is within the bounds of the actual packet. That means that an attacker could create a 20-byte packet and set the message size to 10 bytes without failing the check.”

On October 19, SentinelLabs reported the findings. In cooperation with the Linux Foundation and one of the TIPC managers, the security researchers created a patch that has been available since October 29 and has been included in current Linux versions (after 5.15) since October 31.

As the vulnerability was discovered within a year of its introduction to the code base, TIPC users should check whether their Linux kernel version is between 5.10-rc1 and 5.15 and, if necessary, update it. 
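The check described above can be scripted; the following is an added example, not code from SentinelLabs or the kernel project. It assumes TIPC is built as a loadable module (as the article describes) and treats every 5.10 through 5.15 release as in range, so a hit is a prompt to check the distribution's advisory for a backported fix rather than a verdict. The function names and result strings are this example's own.

```shell
#!/bin/sh
# Added example: triage a host for the TIPC issue described in the article.
# Inputs are passed as arguments so the logic can be exercised offline.

# Succeeds when a release string (as printed by `uname -r`) falls in 5.10
# through 5.15, a conservative reading of the article's range "between
# 5.10-rc1 and 5.15". Suffixes such as -rc1 or -generic are ignored.
kernel_in_range() {
    case $1 in
        [0-9]*.[0-9]*) ;;
        *) return 2 ;;                 # not a recognisable release string
    esac
    major=${1%%.*}
    major=${major%%[!0-9]*}
    minor=${1#*.}
    minor=${minor%%[!0-9]*}            # "10-rc1" -> "10", "15.0-91" -> "15"
    [ -n "$major" ] && [ -n "$minor" ] || return 2
    [ "$major" -eq 5 ] && [ "$minor" -ge 10 ] && [ "$minor" -le 15 ]
}

# Succeeds when a module list in /proc/modules format (module name is the
# first space-separated field) contains the tipc module.
tipc_loaded() {
    [ -r "$1" ] && grep -q '^tipc ' "$1"
}

# Prints one triage result for a release string and a module list file.
tipc_exposure() {
    if ! kernel_in_range "$1"; then
        echo "kernel-not-in-range"
    elif tipc_loaded "$2"; then
        echo "in-range-tipc-loaded"      # update or unload: highest priority
    else
        echo "in-range-tipc-not-loaded"  # exposed only once tipc is loaded
    fi
}

# Report for the local host.
tipc_exposure "$(uname -r)" /proc/modules
```

On hosts that report `in-range-tipc-not-loaded` and do not need TIPC, the module can additionally be prevented from loading through the distribution's modprobe configuration until the kernel is updated.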

As of this writing, SentinelOne has not found any evidence of cyber criminals’ successful misuse of the protocol.
