An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type. (CVE-2021-43267)
Impact
An attacker can exploit the vulnerability to access restricted information, modify files, or cause a denial-of-service (DoS) attack.