CVE-2021-27365

March 21, 2021

An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message.

Summary:

An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message.

Reference Links(if available):

  • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f9dbdf97a5bd92b1a49cee3d591b55b11fd7a6d5
  • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ec98ea7070e94cc25a422ec97d1421e28d97b7ee
  • https://www.openwall.com/lists/oss-security/2021/03/06/1
  • https://bugzilla.suse.com/show_bug.cgi?id=1182715
  • https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html

    • CVSS Score (if available)

    v2: / MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P

    v3: / HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    Links to Exploits(if available)

  • Tags: , , , ,

    You may have missed

    cybersecurity

    Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials

    April 23, 2024
    image

    CACTUS Ransomware Victim: https://www[.]ebir[.]com/

    April 23, 2024
    image

    CACTUS Ransomware Victim: https://www[.]concordegroup[.]ca/

    April 23, 2024
    image

    CACTUS Ransomware Victim: https://www[.]coastalcargogroup[.]com/

    April 23, 2024
    image

    CACTUS Ransomware Victim: https://www[.]saglobal[.]com/

    April 23, 2024