A security issue was found in the Linux kernel. The iscsi initiator kernel subsystem makes the transport handle available via sysfs so that the iscsid daemon can access it, but it makes this visible to all users, making it possible for non-root users to attack the iscsi subsystem using this knowledge, particularly together with CVE-2021-27364, which allows non-root users to user the netlink socket to talk to the iscsi kernel subsystem.
A security issue was found in the Linux kernel. The iscsi initiator kernel subsystem makes the transport handle available via sysfs so that the iscsid daemon can access it, but it makes this visible to all users, making it possible for non-root users to attack the iscsi subsystem using this knowledge, particularly together with CVE-2021-27364, which allows non-root users to user the netlink socket to talk to the iscsi kernel subsystem.
https://www.openwall.com/lists/oss-security/2021/03/06/1 https://bugzilla.suse.com/show_bug.cgi?id=1182716 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=688e8128b7a92df982709a4137ea4588d16f24aa