Related Vulnerabilities: CVE-2021-27365  

Severity: Medium

Remote: No

Type: Information disclosure

Description

A security issue was found in the Linux kernel. The Linux kernel iSCSI initiator code allows initiator/target parameters to be negotiated that can be longer than 4k, since no limit is imposed. When these values are displayed via sysfs, the sysfs subsystem limits that output to 4k, so the memory above that gets leaked.
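The length mismatch described above, as a user-space model added here for illustration (not kernel code and not taken from the referenced commits): a stored parameter longer than one page, the size an unbounded format of it would need, and the two places a limit can be imposed. `struct param`, `set_param`, `bounded_show` and the 5000-byte value are hypothetical names and constructed input.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SYSFS_PAGE 4096u          /* one 4k page: the buffer a sysfs show() handler gets */
struct param { char *value; };    /* hypothetical stand-in for a negotiated parameter */

/* Unsafe pattern, measured only: bytes an unbounded "%s\n" format would produce. */
static size_t unbounded_len(const struct param *p)
{
    return (size_t)snprintf(NULL, 0, "%s\n", p->value);
}

/* Bounded show(): never writes past the page; returns bytes actually placed in it. */
static size_t bounded_show(const struct param *p, char *page)
{
    int n = snprintf(page, SYSFS_PAGE, "%s\n", p->value);
    if (n < 0) return 0;
    return (size_t)n >= SYSFS_PAGE ? SYSFS_PAGE - 1 : (size_t)n;
}

/* Bounded set(): reject a value that cannot be shown in one page (value + '\n' + NUL). */
static int set_param(struct param *p, const char *val, size_t len)
{
    char *copy = (len + 2 > SYSFS_PAGE) ? NULL : malloc(len + 1);
    if (!copy) return -1;
    memcpy(copy, val, len);
    copy[len] = '\0';
    free(p->value);
    p->value = copy;
    return 0;
}

/* Constructed input: a value of the given length, e.g. 5000 bytes (> one page). */
static char *make_long_value(size_t len)
{
    char *v = malloc(len + 1);
    if (v) { memset(v, 'A', len); v[len] = '\0'; }
    return v;
}

int main(void)
{
    char page[SYSFS_PAGE];
    struct param big = { make_long_value(5000) }, ok = { NULL };
    if (!big.value) return 1;
    printf("oversize set rejected: %d\n", set_param(&ok, big.value, 5000) == -1);
    printf("unbounded needs %zu bytes, bounded show wrote %zu\n",
           unbounded_len(&big), bounded_show(&big, page));
    free(big.value);
    return 0;
}
```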

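| Group | Package | Affected | Severity | Status |
|---|---|---|---|---|
| AVG-1661 | linux-lts | 5.10.20-1 | Medium | Vulnerable |
| AVG-1660 | linux-hardened | 5.10.19.hardened1-1 | Medium | Vulnerable |
| AVG-1659 | linux-zen | 5.11.3.zen1-1 | Medium | Vulnerable |
| AVG-1658 | linux | 5.11.3.arch4-1 | Medium | Vulnerable |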

https://www.openwall.com/lists/oss-security/2021/03/06/1
https://bugzilla.suse.com/show_bug.cgi?id=1182715
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ec98ea7070e94cc25a422ec97d1421e28d97b7ee
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f9dbdf97a5bd92b1a49cee3d591b55b11fd7a6d5