Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
3.6
CVSSv2

CVE-2021-27364

Published: 07/03/2021 Updated: 08/12/2021
CVSS v2 Base Score: 3.6 | Impact Score: 4.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.1 | Impact Score: 5.2 | Exploitability Score: 1.8
VMScore: 323
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P
Subscribe to Linux Kernel

Vulnerability Summary

An issue exists in the Linux kernel up to and including 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

debian debian linux 9.0

netapp solidfire_baseboard_management_controller_firmware -

oracle tekelec platform distribution

canonical ubuntu linux 14.04

canonical ubuntu linux 16.04

canonical ubuntu linux 18.04

canonical ubuntu linux 20.04

Vendor Advisories

Amazon Linux AMI: ALAS-2021-1487
An issue was discovered in the Linux kernel 311 through 51016, as used by Xen To service requests to the PV backend, the driver maps grant references provided by the frontend In this process, errors may be encountered In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful ...
Red Hat: CVE-2021-27364
A flaw was found in the way access to sessions and handles was handled in the iSCSI driver in the Linux kernel A local user could use this flaw to leak iSCSI transport handle kernel address or end arbitrary iSCSI connections on the system ...
Arch Linux Issues:
A security issue was found in the Linux kernel This vulnerability allows any user to connect to the iscsi NETLINK socket and send commands to the kernel, such as "end a session" ...
Amazon Linux 2: ALAS2KERNEL-5.4-2022-001
A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC This flaw allows a local user to crash the system (CVE-2020-25639) An issue was discovered in the Linux kernel 311 through 51016, as used by Xen To service requests to the PV backend, ...
Amazon Linux 2: ALAS2LIVEPATCH-2021-042
A flaw was found in the way access to sessions and handles was handled in the iSCSI driver in the Linux kernel A local user could use this flaw to leak iSCSI transport handle kernel address or end arbitrary iSCSI connections on the system (CVE-2021-27363) A flaw was found in the Linux kernel An out-of-bounds read was discovered in the libiscsi m ...
Amazon Linux 2: ALAS2LIVEPATCH-2021-043
A flaw was found in the way access to sessions and handles was handled in the iSCSI driver in the Linux kernel A local user could use this flaw to leak iSCSI transport handle kernel address or end arbitrary iSCSI connections on the system (CVE-2021-27363) A flaw was found in the Linux kernel An out-of-bounds read was discovered in the libiscsi m ...
Amazon Linux 2: ALAS2-2021-1616
An issue was discovered in the Linux kernel 311 through 51016, as used by Xen To service requests to the PV backend, the driver maps grant references provided by the frontend In this process, errors may be encountered In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful ...
Amazon Linux 2: ALAS2LIVEPATCH-2021-044
A flaw was found in the way access to sessions and handles was handled in the iSCSI driver in the Linux kernel A local user could use this flaw to leak iSCSI transport handle kernel address or end arbitrary iSCSI connections on the system (CVE-2021-27363) A flaw was found in the Linux kernel An out-of-bounds read was discovered in the libiscsi m ...

Mailing Lists

Full Disclosure: Linux iscsi security fixes
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Linux iscsi security fixes <!--X-Subject-Header-End--> <!--X-Head-of-Message--> From: Marcus Meissner &lt;meissner () suse d ...

Github Repositories

https://github.com/c4pt000/kernel-4.4.167expSEHDsec-4.18.0-trackpad

kernel-4.4.167expSEHDsec

Fedora 34/35 ONLY! will not work on Fedora 39 01-03-2022 a host of more drivers have been enabled for SPI programming, UART, GPIO programming (programmers), enabled more legacy gamepad joystick drivers for legacy video game consoles, (NES, SNES, TURBGFX64, PS1, PS2) attempted to add more stability with mobile systems to release the usb keyboard with encrypted filesystems for

https://github.com/c4pt000/kernel-5.11.6-expSEHDsec

kernel-4.4.167expSEHDsec

Fedora 34/35 ONLY! will not work on Fedora 39 01-03-2022 a host of more drivers have been enabled for SPI programming, UART, GPIO programming (programmers), enabled more legacy gamepad joystick drivers for legacy video game consoles, (NES, SNES, TURBGFX64, PS1, PS2) attempted to add more stability with mobile systems to release the usb keyboard with encrypted filesystems for

https://github.com/c4pt000/kernel-5.11.6-expSEHDsec-HAXM-cgroup-virtio

kernel-4.4.167expSEHDsec

Fedora 34/35 ONLY! will not work on Fedora 39 01-03-2022 a host of more drivers have been enabled for SPI programming, UART, GPIO programming (programmers), enabled more legacy gamepad joystick drivers for legacy video game consoles, (NES, SNES, TURBGFX64, PS1, PS2) attempted to add more stability with mobile systems to release the usb keyboard with encrypted filesystems for

https://github.com/c4pt000/kernel-5.9.16-expSEHDsec-4.18.0-trackpad

kernel-4.4.167expSEHDsec

Fedora 34/35 ONLY! will not work on Fedora 39 01-03-2022 a host of more drivers have been enabled for SPI programming, UART, GPIO programming (programmers), enabled more legacy gamepad joystick drivers for legacy video game consoles, (NES, SNES, TURBGFX64, PS1, PS2) attempted to add more stability with mobile systems to release the usb keyboard with encrypted filesystems for

https://github.com/aaronxie55/Presentation2_Markdown

iSCSI length constraints vulnerability in the Linux kernel By: Brody Massecar, Olatubosun Aremu and Yifeng Xie Introduction Barely a month ago, from the 5113 release version of Linux kernel had been discoverd a vulnerability called Linux Kernel Heap Buffer Overflow The CVE code indicated this vulnerability is CVE-2021-27365 Type of Vulnerability: Heap Buffer Overflow Where

https://github.com/c4pt000/kernel-5.11.0-expSEHDsec

kernel-4.4.167expSEHDsec

Fedora 34/35 ONLY! will not work on Fedora 39 01-03-2022 a host of more drivers have been enabled for SPI programming, UART, GPIO programming (programmers), enabled more legacy gamepad joystick drivers for legacy video game consoles, (NES, SNES, TURBGFX64, PS1, PS2) attempted to add more stability with mobile systems to release the usb keyboard with encrypted filesystems for

https://github.com/c4pt000/kernel-5.11.6-expSEHDsec-HAXM-cgroup-virtio-nvidia-amd

kernel-4.4.167expSEHDsec

Fedora 34/35 ONLY! will not work on Fedora 39 01-03-2022 a host of more drivers have been enabled for SPI programming, UART, GPIO programming (programmers), enabled more legacy gamepad joystick drivers for legacy video game consoles, (NES, SNES, TURBGFX64, PS1, PS2) attempted to add more stability with mobile systems to release the usb keyboard with encrypted filesystems for

https://github.com/c4pt000/kernel-5.11.6-expSEHDsec-cgroup-virtio

kernel-4.4.167expSEHDsec

Fedora 34/35 ONLY! will not work on Fedora 39 01-03-2022 a host of more drivers have been enabled for SPI programming, UART, GPIO programming (programmers), enabled more legacy gamepad joystick drivers for legacy video game consoles, (NES, SNES, TURBGFX64, PS1, PS2) attempted to add more stability with mobile systems to release the usb keyboard with encrypted filesystems for

https://github.com/c4pt000/kernel-5.11.6-expSEHDsec-HAXM-cgroup-virtio-nvidia-amd-kaliwifi

kernel-4.4.167expSEHDsec

Fedora 34/35 ONLY! will not work on Fedora 39 01-03-2022 a host of more drivers have been enabled for SPI programming, UART, GPIO programming (programmers), enabled more legacy gamepad joystick drivers for legacy video game consoles, (NES, SNES, TURBGFX64, PS1, PS2) attempted to add more stability with mobile systems to release the usb keyboard with encrypted filesystems for

References

CWE-125https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=688e8128b7a92df982709a4137ea4588d16f24aahttps://bugzilla.suse.com/show_bug.cgi?id=1182717https://www.openwall.com/lists/oss-security/2021/03/06/1https://lists.debian.org/debian-lts-announce/2021/03/msg00010.htmlhttps://blog.grimm-co.com/2021/03/new-old-bugs-in-linux-kernel.htmlhttps://lists.debian.org/debian-lts-announce/2021/03/msg00035.htmlhttp://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.htmlhttps://security.netapp.com/advisory/ntap-20210409-0001/https://www.oracle.com/security-alerts/cpuoct2021.htmlhttps://nvd.nist.govhttps://alas.aws.amazon.com/ALAS-2021-1487.htmlhttps://github.com/c4pt000/kernel-4.4.167expSEHDsec-4.18.0-trackpad
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook