From f16d0d9c7146a87d4a28d08bf0e507bfd45bcfba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=8D=A2=E6=B4=9B=E8=8A=B3=E5=AD=90?= Date: Wed, 15 Mar 2023 08:59:02 +0000 Subject: [PATCH] add cve/linux-kernel/2021/yaml/CVE-2021-43267.yaml. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 卢洛芳子 --- .../2021/yaml/CVE-2021-43267.yaml | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 cve/linux-kernel/2021/yaml/CVE-2021-43267.yaml diff --git a/cve/linux-kernel/2021/yaml/CVE-2021-43267.yaml b/cve/linux-kernel/2021/yaml/CVE-2021-43267.yaml new file mode 100644 index 00000000..38cb0b69 --- /dev/null +++ b/cve/linux-kernel/2021/yaml/CVE-2021-43267.yaml @@ -0,0 +1,22 @@ +id: CVE-2021-43267 +source: https://github.com/zzhacked/CVE-2021-43267 +info: + name: Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核 + severity: critical + description: + 该漏洞是由于Linux内核中的net/tipc/crypto.c存在溢出漏洞, TIPC在2020年9月引入的新用户消息类型“MSG_CRYPTO”, 其标头大小和消息大小都根据实际数据包大小进行验证, 但对于消息的keylen成员MSG_CRYPTO或密钥算法名称本身(TIPC_AEAD_ALG_NAME)的大小没有类似大小的检查, 这就导致恶意攻击者可以在此处构造一个较小的恶意数据包, 然后利用keylen成员属性的任意大小特性写入该位置的边界之外, 从而造成远程代码执行. 由于本地对于内核堆大小的控制更加容易, 因此该漏洞很容易在本地进行利用, 而因为TIPC本身的特性, 恶意攻击者也可以利用该漏洞实施远程攻击, 由于该漏洞利用方式简单, 危害较大. + scope-of-influence: + 5.10-rc1 < Linux Kernel < 5.15 + reference: + - https://www.sentinelone.com/labs/tipc-remote-linux-kernel-heap-overflow-allows-arbitrary-code-execution/ + - https://thehackernews.com/2021/11/critical-rce-vulnerability-reported-in.html + - https://www.zdnet.com/article/remote-code-execution-flaw-patched-in-linux-kernel-tipc-module/#ftag=RSSbaffb68 + - https://nvd.nist.gov/vuln/detail/CVE-2021-43267 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2021-43267 + cwe-id: CWE-20 + cnvd-id: None + kve-id: None + tags: 堆溢出漏洞 \ No newline at end of file
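Review bot: the `scope-of-influence` range `5.10-rc1 < Linux Kernel < 5.15` is imprecise on both ends and will mislead anyone triaging from this file: the description itself says MSG_CRYPTO was introduced in the 5.10 series, so the lower bound must be inclusive (`>= 5.10-rc1`), and an open `< 5.15` ignores the stable backports, so every 5.10.x and 5.14.x release reads as vulnerable; state the upstream release that contains the fix and the stable releases that carry it (the NVD entry already listed under `reference` gives them) and add the upstream fix commit to `reference`. Secondary points: the `name` field holds a product blurb ("Linux kernel is the kernel used by the open-source operating system Linux of the US Linux Foundation") instead of the vulnerability title, which is what a `name` field is for; `tags` says 堆溢出漏洞 (heap overflow) while `cwe-id` is the generic CWE-20, so CWE-787 (Out-of-bounds Write) describes the actual defect more precisely if the schema allows it; `source` points at a third-party exploit repository (github.com/zzhacked/CVE-2021-43267) rather than the advisory or fix, which should be the primary source, with the PoC repo demoted to `reference`; and the file lacks a trailing newline (`\ No newline at end of file`).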