CVE-2021-27363

Published: 07/03/2021 Updated: 23/05/2022
CVSS v2 Base Score: 3.6 | Impact Score: 4.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 4.4 | Impact Score: 2.5 | Exploitability Score: 1.8
VMScore: 323
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P

Vulnerability Summary

An issue exists in the Linux kernel up to and including 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables.

Vulnerable Product

linux linux kernel

debian debian linux 9.0

netapp cloud backup -

netapp solidfire baseboard management controller firmware -

Vendor Advisories

An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful ...
A flaw was found in the way access to sessions and handles was handled in the iSCSI driver in the Linux kernel. A local user could use this flaw to leak iSCSI transport handle kernel address or end arbitrary iSCSI connections on the system ...
A security issue was found in the Linux kernel. The iscsi initiator kernel subsystem makes the transport handle available via sysfs so that the iscsid daemon can access it, but it makes this visible to all users, making it possible for non-root users to attack the iscsi subsystem using this knowledge, particularly together with CVE-2021-27364, whic ...
A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This flaw allows a local user to crash the system (CVE-2020-25639). An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, ...
A flaw was found in the way access to sessions and handles was handled in the iSCSI driver in the Linux kernel. A local user could use this flaw to leak iSCSI transport handle kernel address or end arbitrary iSCSI connections on the system (CVE-2021-27363). A flaw was found in the Linux kernel. An out-of-bounds read was discovered in the libiscsi m ...

Mailing Lists

oss-sec mailing list archives: Linux iscsi security fixes. From: Marcus Meissner <meissner () suse d ...

Github Repositories

kernel-4.4.167expSEHDsec

Fedora 34/35 ONLY! will not work on Fedora 39 01-03-2022 a host of more drivers have been enabled for SPI programming, UART, GPIO programming (programmers), enabled more legacy gamepad joystick drivers for legacy video game consoles, (NES, SNES, TURBGFX64, PS1, PS2) attempted to add more stability with mobile systems to release the usb keyboard with encrypted filesystems for

iSCSI length constraints vulnerability in the Linux kernel. By: Brody Massecar, Olatubosun Aremu and Yifeng Xie. Introduction: Barely a month ago, from the 5.11.3 release version of Linux kernel had been discovered a vulnerability called Linux Kernel Heap Buffer Overflow. The CVE code indicated this vulnerability is CVE-2021-27365. Type of Vulnerability: Heap Buffer Overflow. Where
