Appgate researchers have published a whitepaper on a Linux kernel flaw they found. The vulnerability is tracked as CVE-2022-0435; its CVSS score has not been assigned yet. The stack buffer overflow allows attackers to execute code remotely, which makes it particularly dangerous.
Silent since 2016
According to the whitepaper, the bug is in the networking module for the TIPC (Transparent Inter-Process Communication) protocol, an IPC mechanism designed for intra-cluster communication. The stack buffer overflow can be triggered both locally and remotely, and it can be used either for remote code execution or for a denial-of-service attack.
Solutions
Update the kernel
The most surprising part of the bug is how long it has remained in the Linux kernel. The Transparent Inter-Process Communication protocol was first introduced in June 2016 and was included in Linux kernel 4.8. Thankfully the long-lived vulnerability is fixed in Linux kernel 5.17-rc3 and the fix has also been merged into the stable branches. So, simply update your system.
Unload and prevent loading the module
Those who can't afford to upgrade their Linux kernel can unload the TIPC module and prevent it from being loaded again as a mitigation. The commands below must be run as root:
- Check whether the module is loaded
$ lsmod | grep tipc
- Unload the TIPC module (fails if something still uses it; a reboot after the next step then removes it)
$ modprobe -r tipc
- Prevent the TIPC module from being loaded (modprobe only reads files named *.conf in this directory)
$ echo "install tipc /bin/true" >> /etc/modprobe.d/disable-tipc.conf
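To verify that the mitigation above actually took effect on a host, the following audit helpers are an added example (not from Appgate's whitepaper or the article): they read /proc/modules (the data behind lsmod) and scan the modprobe.d directory for an "install tipc" rule, and both paths can be overridden so the checks can be run against constructed sample files.

```shell
#!/bin/sh
# Added example: audit whether the CVE-2022-0435 TIPC mitigation is in place.
# Paths default to the live system; arguments allow testing against sample files.

# Return 0 if the tipc module is currently loaded.
# /proc/modules lines start with "<name> <size> ...", so anchor on "^tipc ".
tipc_loaded() {
    modules_file="${1:-/proc/modules}"
    grep -q '^tipc ' "$modules_file" 2>/dev/null
}

# Return 0 if some *.conf file in the modprobe.d directory carries an
# "install tipc /bin/true" (or /bin/false) rule. modprobe ignores files
# without the .conf suffix, so the check does too. -s silences a missing dir.
tipc_install_blocked() {
    dir="${1:-/etc/modprobe.d}"
    grep -Eqs '^[[:space:]]*install[[:space:]]+tipc[[:space:]]+/bin/(true|false)' "$dir"/*.conf
}

# Print the state and return 0 only when the module is not loaded AND
# auto-loading is blocked; return 1 with a hint about the missing step.
tipc_mitigation_status() {
    modules_file="${1:-/proc/modules}"
    dir="${2:-/etc/modprobe.d}"
    if tipc_loaded "$modules_file"; then
        echo "tipc is loaded: run 'modprobe -r tipc' (or reboot after blocking it)"
        return 1
    fi
    if ! tipc_install_blocked "$dir"; then
        echo "tipc is not blocked: add 'install tipc /bin/true' to $dir/disable-tipc.conf"
        return 1
    fi
    echo "tipc mitigated: module not loaded and auto-loading blocked"
    return 0
}
```

Run `tipc_mitigation_status` with no arguments on the host; a non-zero exit names the step still missing.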