CVE-2021-43267
Public on 2021-11-02
Modified on 2022-01-06
Description
A flaw was discovered in the cryptographic receive code in the Linux kernel's implementation of transparent interprocess communication. An attacker, with the ability to send TIPC messages to the target, can corrupt memory and escalate privileges on the target system.
Severity
Important
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2 - Kernel-5.10 Extra | kernel | 2022-01-20 | ALAS2KERNEL-5.10-2022-007 | Fixed |
| Amazon Linux 2 - Livepatch Extra | kernel-livepatch-5.10.62-55.141 | 2021-12-02 | ALAS2LIVEPATCH-2021-074 | Fixed |
| Amazon Linux 2 - Livepatch Extra | kernel-livepatch-5.10.68-62.173 | 2021-12-02 | ALAS2LIVEPATCH-2021-073 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 8.8 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| NVD | CVSSv2 | 7.5 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| NVD | CVSSv3 | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |