CVE-2021-43267

Updated: 2023-11-07 19:27:40.592824

Description:

An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x HIGH 7.5
CVSS Version 3.x CRITICAL 9.8

Status

OS name Project name Version Score Severity Status Errata Last updated
AlmaLinux 9.2 ESU kernel 5.14.0 9.8 CRITICAL Already Fixed 2023-12-20 13:10:29
AlmaLinux 9.2 FIPS kernel 5.14.0 9.8 CRITICAL Already Fixed 2024-01-18 13:10:07
CentOS 6 ELS kernel 2.6.32 9.8 CRITICAL Not Vulnerable 2022-03-30 12:52:15
CentOS 8.4 ELS kernel 4.18.0 9.8 CRITICAL Released CLSA-2022:1644933991 2022-02-28 17:34:10
CentOS 8.5 ELS kernel 4.18.0 9.8 CRITICAL Already Fixed 2024-01-18 13:25:39
CloudLinux 6 ELS kernel 2.6.32 9.8 CRITICAL Not Vulnerable 2022-03-30 12:52:15
Oracle Linux 6 ELS kernel 2.6.32 9.8 CRITICAL Not Vulnerable 2022-03-30 12:52:15
Ubuntu 16.04 ELS linux 4.4.0 9.8 CRITICAL Not Vulnerable 2022-02-28 17:34:10