CVE-2021-43267

CRITICAL

Linux Kernel <5.14.16 - RCE

Title source: llm

Description

An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type.

Exploits (3)

nomisec WORKING POC 4 stars

by zzhacked · poc

https://github.com/zzhacked/CVE-2021-43267

View Code ZIP pw:eip

nomisec STUB

by DarkSprings · poc

https://github.com/DarkSprings/CVE-2021-43267-POC

View Code ZIP pw:eip

inthewild

poc

https://github.com/ohnonoyesyes/cve-2021-43267

View on inthewild

References (6)

[Exploit, Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2022/02/10/1

[Mailing List, Release Notes, Vendor Advisory] https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.16

[Patch, Third Party Advisory] https://github.com/torvalds/linux/commit/fa40d9734a57bcbfa79a280189799f76c88f7bb0

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20211125-0002/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVWL7HZV5T5OEKJPO2D67RMFMKBBXGGB/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDDEW4APTYKJK365HC2JZIVXYUV7ZRN7/

Scores

CVSS v3 9.8

EPSS 0.7262

EPSS Percentile 98.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-1284

Status published

Products (10)

fedoraproject/fedora 34

fedoraproject/fedora 35

linux/linux_kernel 5.10 - 5.10.77

netapp/h300e_firmware

netapp/h300s_firmware

netapp/h410s_firmware

netapp/h500e_firmware

netapp/h500s_firmware

netapp/h700e_firmware

netapp/h700s_firmware

Published Nov 02, 2021

Tracked Since Feb 18, 2026