CVE-2021-43267
Public on 2021-11-02
Modified on 2022-01-06
Description
A flaw was discovered in the cryptographic receive code in the Linux kernel's implementation of transparent interprocess communication. An attacker, with the ability to send TIPC messages to the target, can corrupt memory and escalate privileges on the target system.
Severity
Important
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| HAQM Linux 2 - Kernel-5.10 Extra | kernel | 2022-01-20 | ALAS2KERNEL-5.10-2022-007 | Fixed |
| HAQM Linux 2 - Livepatch Extra | kernel-livepatch-5.10.62-55.141 | 2021-12-02 | ALAS2LIVEPATCH-2021-074 | Fixed |
| HAQM Linux 2 - Livepatch Extra | kernel-livepatch-5.10.68-62.173 | 2021-12-02 | ALAS2LIVEPATCH-2021-073 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| HAQM Linux | CVSSv3 | 8.8 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| NVD | CVSSv2 | 7.5 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| NVD | CVSSv3 | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |