Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.6
CVSSv2

CVE-2021-27365

Published: 07/03/2021 Updated: 10/12/2021
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 412
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Linux

Vulnerability Summary

An issue exists in the Linux kernel up to and including 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

debian debian linux 9.0

oracle tekelec platform distribution

netapp solidfire_baseboard_management_controller_firmware -

Vendor Advisories

Amazon Linux AMI: ALAS-2021-1487
An issue was discovered in the Linux kernel 311 through 51016, as used by Xen To service requests to the PV backend, the driver maps grant references provided by the frontend In this process, errors may be encountered In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful ...
Red Hat: CVE-2021-27365
A flaw was found in the Linux kernel An out-of-bounds read was discovered in the libiscsi module that could lead to reading kernel memory or a crash The highest threat from this vulnerability is to data confidentiality as well as system availability ...
Arch Linux Issues:
A security issue was found in the Linux kernel The linux kernel iscsi initiator code allows initiator/target parameters to be negotiated than can be longer than 4k, since no limit is imposed But when these values are displayed via sysfs, the sysfs subsystem limits that output to 4k, so the memory above that gets leaked ...
Amazon Linux 2: ALAS2KERNEL-5.4-2022-001
A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC This flaw allows a local user to crash the system (CVE-2020-25639) An issue was discovered in the Linux kernel 311 through 51016, as used by Xen To service requests to the PV backend, ...
Amazon Linux 2: ALAS2LIVEPATCH-2021-042
A flaw was found in the way access to sessions and handles was handled in the iSCSI driver in the Linux kernel A local user could use this flaw to leak iSCSI transport handle kernel address or end arbitrary iSCSI connections on the system (CVE-2021-27363) A flaw was found in the Linux kernel An out-of-bounds read was discovered in the libiscsi m ...
Amazon Linux 2: ALAS2LIVEPATCH-2021-043
A flaw was found in the way access to sessions and handles was handled in the iSCSI driver in the Linux kernel A local user could use this flaw to leak iSCSI transport handle kernel address or end arbitrary iSCSI connections on the system (CVE-2021-27363) A flaw was found in the Linux kernel An out-of-bounds read was discovered in the libiscsi m ...
Amazon Linux 2: ALAS2-2021-1616
An issue was discovered in the Linux kernel 311 through 51016, as used by Xen To service requests to the PV backend, the driver maps grant references provided by the frontend In this process, errors may be encountered In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful ...
Amazon Linux 2: ALAS2LIVEPATCH-2021-044
A flaw was found in the way access to sessions and handles was handled in the iSCSI driver in the Linux kernel A local user could use this flaw to leak iSCSI transport handle kernel address or end arbitrary iSCSI connections on the system (CVE-2021-27363) A flaw was found in the Linux kernel An out-of-bounds read was discovered in the libiscsi m ...

Mailing Lists

Full Disclosure: Linux iscsi security fixes
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Linux iscsi security fixes <!--X-Subject-Header-End--> <!--X-Head-of-Message--> From: Marcus Meissner &lt;meissner () suse d ...

Github Repositories

https://github.com/c4pt000/kernel-4.4.167expSEHDsec-4.18.0-trackpad

kernel-4.4.167expSEHDsec

Fedora 34/35 ONLY! will not work on Fedora 39 01-03-2022 a host of more drivers have been enabled for SPI programming, UART, GPIO programming (programmers), enabled more legacy gamepad joystick drivers for legacy video game consoles, (NES, SNES, TURBGFX64, PS1, PS2) attempted to add more stability with mobile systems to release the usb keyboard with encrypted filesystems for

https://github.com/c4pt000/kernel-5.11.6-expSEHDsec

kernel-4.4.167expSEHDsec

Fedora 34/35 ONLY! will not work on Fedora 39 01-03-2022 a host of more drivers have been enabled for SPI programming, UART, GPIO programming (programmers), enabled more legacy gamepad joystick drivers for legacy video game consoles, (NES, SNES, TURBGFX64, PS1, PS2) attempted to add more stability with mobile systems to release the usb keyboard with encrypted filesystems for

https://github.com/c4pt000/kernel-5.11.6-expSEHDsec-HAXM-cgroup-virtio

kernel-4.4.167expSEHDsec

Fedora 34/35 ONLY! will not work on Fedora 39 01-03-2022 a host of more drivers have been enabled for SPI programming, UART, GPIO programming (programmers), enabled more legacy gamepad joystick drivers for legacy video game consoles, (NES, SNES, TURBGFX64, PS1, PS2) attempted to add more stability with mobile systems to release the usb keyboard with encrypted filesystems for

https://github.com/c4pt000/kernel-5.9.16-expSEHDsec-4.18.0-trackpad

kernel-4.4.167expSEHDsec

Fedora 34/35 ONLY! will not work on Fedora 39 01-03-2022 a host of more drivers have been enabled for SPI programming, UART, GPIO programming (programmers), enabled more legacy gamepad joystick drivers for legacy video game consoles, (NES, SNES, TURBGFX64, PS1, PS2) attempted to add more stability with mobile systems to release the usb keyboard with encrypted filesystems for

https://github.com/aaronxie55/Presentation2_Markdown

iSCSI length constraints vulnerability in the Linux kernel By: Brody Massecar, Olatubosun Aremu and Yifeng Xie Introduction Barely a month ago, from the 5113 release version of Linux kernel had been discoverd a vulnerability called Linux Kernel Heap Buffer Overflow The CVE code indicated this vulnerability is CVE-2021-27365 Type of Vulnerability: Heap Buffer Overflow Where

https://github.com/c4pt000/kernel-5.11.0-expSEHDsec

kernel-4.4.167expSEHDsec

Fedora 34/35 ONLY! will not work on Fedora 39 01-03-2022 a host of more drivers have been enabled for SPI programming, UART, GPIO programming (programmers), enabled more legacy gamepad joystick drivers for legacy video game consoles, (NES, SNES, TURBGFX64, PS1, PS2) attempted to add more stability with mobile systems to release the usb keyboard with encrypted filesystems for

https://github.com/c4pt000/kernel-5.11.6-expSEHDsec-HAXM-cgroup-virtio-nvidia-amd

kernel-4.4.167expSEHDsec

Fedora 34/35 ONLY! will not work on Fedora 39 01-03-2022 a host of more drivers have been enabled for SPI programming, UART, GPIO programming (programmers), enabled more legacy gamepad joystick drivers for legacy video game consoles, (NES, SNES, TURBGFX64, PS1, PS2) attempted to add more stability with mobile systems to release the usb keyboard with encrypted filesystems for

https://github.com/c4pt000/kernel-5.11.6-expSEHDsec-cgroup-virtio

kernel-4.4.167expSEHDsec

Fedora 34/35 ONLY! will not work on Fedora 39 01-03-2022 a host of more drivers have been enabled for SPI programming, UART, GPIO programming (programmers), enabled more legacy gamepad joystick drivers for legacy video game consoles, (NES, SNES, TURBGFX64, PS1, PS2) attempted to add more stability with mobile systems to release the usb keyboard with encrypted filesystems for

https://github.com/c4pt000/kernel-5.11.6-expSEHDsec-HAXM-cgroup-virtio-nvidia-amd-kaliwifi

kernel-4.4.167expSEHDsec

Fedora 34/35 ONLY! will not work on Fedora 39 01-03-2022 a host of more drivers have been enabled for SPI programming, UART, GPIO programming (programmers), enabled more legacy gamepad joystick drivers for legacy video game consoles, (NES, SNES, TURBGFX64, PS1, PS2) attempted to add more stability with mobile systems to release the usb keyboard with encrypted filesystems for

References

CWE-787https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f9dbdf97a5bd92b1a49cee3d591b55b11fd7a6d5https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ec98ea7070e94cc25a422ec97d1421e28d97b7eehttps://www.openwall.com/lists/oss-security/2021/03/06/1https://bugzilla.suse.com/show_bug.cgi?id=1182715https://lists.debian.org/debian-lts-announce/2021/03/msg00010.htmlhttps://blog.grimm-co.com/2021/03/new-old-bugs-in-linux-kernel.htmlhttps://lists.debian.org/debian-lts-announce/2021/03/msg00035.htmlhttp://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.htmlhttps://security.netapp.com/advisory/ntap-20210409-0001/https://www.oracle.com/security-alerts/cpuoct2021.htmlhttps://nvd.nist.govhttps://alas.aws.amazon.com/ALAS-2021-1487.htmlhttps://github.com/c4pt000/kernel-4.4.167expSEHDsec-4.18.0-trackpad
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675CVE-2024-3400CVE-2024-23557mass assignmentCVE-2023-1389local file inclusionCVE-2024-32596file uploadCVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook