Researchers disclosed multiple Linux kernel memory-corruption vulnerabilities affecting network-facing components, including a remote heap overflow in the Transparent Inter Process Communication (TIPC) module tracked as CVE-2021-43267, and a later packet-socket flaw, CVE-2025-38617, that was shown to be exploitable through a race condition. The TIPC issue exposed systems running the module to potential arbitrary code execution in kernel context, highlighting the risk posed by rarely used but reachable networking features in default or enterprise Linux deployments.
Additional advisory coverage from the Zero Day Initiative underscored continued security concerns around Linux kernel bug classes such as heap overflows and race conditions, which can be leveraged for privilege escalation or full system compromise depending on exposure and configuration. Together, the reports show that flaws in low-level packet handling and inter-process communication paths remain a high-impact attack surface, especially where vulnerable kernel modules are enabled or accessible to untrusted users or networks.

3 events from the most recent confirmed update back to the earliest known activity.
Calif published research describing exploitation of CVE-2025-38617 in Linux packet sockets, including technical details on how the race condition could be exploited. This marks public release of exploit-focused analysis for that kernel vulnerability.
The Zero Day Initiative released advisory ZDI-24-821, documenting a distinct Linux kernel vulnerability and making the issue publicly known through its advisory process. The reference indicates a new disclosure event separate from the earlier TIPC bug.
SentinelOne Labs published technical details for CVE-2021-43267, a remote heap overflow in the Linux kernel's TIPC module that could allow arbitrary code execution. The disclosure established the vulnerability as a significant remotely reachable Linux kernel flaw.
3 references tracked.
blog.calif.io
zerodayinitiative.com
sentinelone.com