CyberNews Briefs

Critical Linux Kernel Bug Allows Remote Takeover

A new critical Linux bug that allows remote takeover has been discovered by security researchers. The bug, tracked as CVE-2021-43267, exists in a TIPC message that allows Linux nodes to send cryptographic keys back and forth between devices. The vulnerability is known as a critical heap-overflow security bug in the Transparent Inter-Process Communication module of the Linux kernel. If exploited by an attacker, it could lead to remote code execution which can pave the way to full system compromise.

According to SentinelLabs, the newly discovered bug resides specifically in a message type that allows for secure communication between devices. When received by another device, the keys can be used to decrypt further communications from the sending node. TIPC is a protocol used by nodes within a Linux cluster to communicate with each other in a secure and optimized way, enabling various messaging types designed for different purposes.

Read More: Critical Linux Kernel Bug Allows Remote Takeover

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.