A new vulnerability in the Linux Kernel TIPC module has been disclosed affecting all Linux distributions with a Kernel version lower than 5.15. The vulnerability can be exploited both locally and remotely within a network.
Kernel TIPC RCE Vulnerability (CVE-2021-43267)
Reported by SentinelOne, the vulnerability tracked as CVE-2021-43267 is a vulnerability in the Kernel Transparent Inter Process Communication module. TIPC is a transport layer protocol created for machines running in dynamic cluster environments so that they can communicate with each other in a way that is both more efficient and fault-tolerant than for example TCP.
SentinelOne also mentioned that: "While TIPC itself isn't loaded automatically by the system but by end users, the ability to configure it from an unprivileged local perspective and the possibility of remote exploitation makes this a dangerous vulnerability for those that use it in their networks,"
According to SentinelOne the vulnerability "can be exploited locally or remotely within a network to gain kernel privileges, and would allow an attacker to compromise the entire system,". While this vulnerability was disclosed on October 19, there have been no reports of exploitations yet. A fix for the vulnerability was released with Kernel version 5.15 released on October 31, 2021.
Manage Linux Kernel Versions
Lansweeper easily gives you an overview of all of your Linux machines so you always know exactly how many Linux devices are in your IT environment. In addition to identifying assets, you'll also have all the details you need to manage your Linux environment like hardware and software details like the distribution, its version, and which kernel version is being used.
To help you with this specific vulnerability, we've created a special report that provides a complete list of all Linux machines in your IT environment. It also lists the specific Linux distribution and version along with the Kernel version that is currently in use. Lastly, color-coding has been added to identify machines that are still vulnerable to this vulnerability and have a Kernel version between 5.10 and 5.15.