Linux · Linux Kernel · CVE-2021-27363
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 5.11.3
Description:
An issue in the Linux kernel allows a kernel pointer leak, which can be used to determine the address of the `iscsi_transport` structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at `/sys/class/iscsi_transport/$TRANSPORT_NAME/handle`. The `show_transport_handle` function in `drivers/scsi/scsi_transport_iscsi.c` leaks the handle, which is actually a pointer to an `iscsi_transport` struct in the kernel module's global variables. This can allow an attacker to disclose protected information or cause a denial of service.
Recommendations:
For Linux kernel versions prior to 5.11.3, consider disabling the `show_transport_handle` function as a temporary workaround until a patch is available. Restrict access to the `/sys/class/iscsi_transport/$TRANSPORT_NAME/handle` sysfs file to minimize the risk of exploitation. Avoid using the `handle` variable in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
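
One way to check a host against the exposure and the access restriction described above, as an added example that is not part of the original advisory. It assumes GNU coreutils (`stat -c`, `sort -V`); the function names and the `SYSFS_ROOT` override are hypothetical, and only file modes are inspected, never the handle contents.

```sh
#!/bin/sh
# Added example: audit a host for the handle exposure in this advisory.
# Assumptions: GNU coreutils `stat -c` and `sort -V`; SYSFS_ROOT is a
# hypothetical override for testing. A distribution kernel may carry a
# backported fix, so the version check is indicative only.

# kernel_is_affected RELEASE: succeed if RELEASE sorts before 5.11.3.
kernel_is_affected() {
    base=$(printf '%s' "$1" | sed 's/[^0-9.].*$//')   # drop "-generic" etc.
    [ "$base" != "5.11.3" ] &&
        [ "$(printf '%s\n5.11.3\n' "$base" | sort -V | head -n 1)" = "$base" ]
}

# list_exposed_handles [ROOT]: print handle files readable by "other".
list_exposed_handles() {
    root=${1:-/sys}
    for f in "$root"/class/iscsi_transport/*/handle; do
        [ -f "$f" ] || continue            # glob unmatched: no transport
        mode=$(stat -c '%a' "$f") || continue
        other=${mode#"${mode%?}"}          # last octal digit of the mode
        case $other in
            4|5|6|7) printf '%s\n' "$f" ;; # read bit set for everyone
        esac
    done
}

# audit RELEASE ROOT: print a short report for this host.
audit() {
    if kernel_is_affected "$1"; then
        echo "kernel $1: version is prior to 5.11.3"
    else
        echo "kernel $1: version is 5.11.3 or later"
    fi
    exposed=$(list_exposed_handles "$2")
    if [ -n "$exposed" ]; then
        echo "handle files readable by unprivileged users:"
        printf '%s\n' "$exposed"
    else
        echo "no world-readable iSCSI transport handle files found"
    fi
}

audit "$(uname -r)" "${SYSFS_ROOT:-/sys}"
```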