CVE-2021-43267

An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

History

07 Nov 2023, 03:39

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CVWL7HZV5T5OEKJPO2D67RMFMKBBXGGB/', 'name': 'FEDORA-2021-bdd146e463', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RDDEW4APTYKJK365HC2JZIVXYUV7ZRN7/', 'name': 'FEDORA-2021-a093973910', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDDEW4APTYKJK365HC2JZIVXYUV7ZRN7/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVWL7HZV5T5OEKJPO2D67RMFMKBBXGGB/ -

08 Aug 2023, 14:22

Type Values Removed Values Added
CWE CWE-20 CWE-1284

28 Feb 2022, 21:02

Type Values Removed Values Added
References (MLIST) http://www.openwall.com/lists/oss-security/2022/02/10/1 - (MLIST) http://www.openwall.com/lists/oss-security/2022/02/10/1 - Exploit, Mailing List, Third Party Advisory

10 Feb 2022, 16:15

Type Values Removed Values Added
References
  • (MLIST) http://www.openwall.com/lists/oss-security/2022/02/10/1 -

29 Nov 2021, 17:23

Type Values Removed Values Added
CPE cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*
References (CONFIRM) https://security.netapp.com/advisory/ntap-20211125-0002/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20211125-0002/ - Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RDDEW4APTYKJK365HC2JZIVXYUV7ZRN7/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RDDEW4APTYKJK365HC2JZIVXYUV7ZRN7/ - Mailing List, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CVWL7HZV5T5OEKJPO2D67RMFMKBBXGGB/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CVWL7HZV5T5OEKJPO2D67RMFMKBBXGGB/ - Mailing List, Third Party Advisory

25 Nov 2021, 07:15

Type Values Removed Values Added
References
  • (CONFIRM) https://security.netapp.com/advisory/ntap-20211125-0002/ -

06 Nov 2021, 05:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CVWL7HZV5T5OEKJPO2D67RMFMKBBXGGB/ -

06 Nov 2021, 04:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RDDEW4APTYKJK365HC2JZIVXYUV7ZRN7/ -

04 Nov 2021, 18:15

Type Values Removed Values Added
CWE CWE-20
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 7.5
v3 : 9.8
References (MISC) https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.16 - (MISC) https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.16 - Mailing List, Release Notes, Vendor Advisory
References (MISC) https://github.com/torvalds/linux/commit/fa40d9734a57bcbfa79a280189799f76c88f7bb0 - (MISC) https://github.com/torvalds/linux/commit/fa40d9734a57bcbfa79a280189799f76c88f7bb0 - Patch, Third Party Advisory

02 Nov 2021, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-11-02 23:15

Updated : 2023-12-10 14:09


NVD link : CVE-2021-43267

Mitre link : CVE-2021-43267

CVE.ORG link : CVE-2021-43267


JSON object : View

Products Affected

netapp

  • h700s_firmware
  • h700s
  • h300s_firmware
  • h410s
  • h300e
  • h500s_firmware
  • h300e_firmware
  • h500e
  • h500e_firmware
  • h700e
  • h410s_firmware
  • h700e_firmware
  • h500s
  • h300s

fedoraproject

  • fedora

linux

  • linux_kernel
CWE
CWE-1284

Improper Validation of Specified Quantity in Input