PT-2021-2243 · Linux+8 · Linux Kernel+8

Published

2021-03-04

·

Updated

2023-05-17

·

CVE-2021-27364

CVSS v3.1

7.1

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.11.3
Description The issue is related to a buffer overflow in the iSCSI subsystem of the Linux kernel, which can be exploited by sending specially crafted Netlink messages. This can allow an attacker to cause a denial of service or elevate their privileges. The drivers/scsi/scsi transport iscsi.c file is affected, and an unprivileged user can create malicious Netlink messages. The vulnerability is also related to a lack of protection for service data, allowing an attacker to connect to the iscsi NETLINK socket and send commands to the kernel.
Recommendations For Linux kernel versions prior to 5.11.3, update to a version 5.11.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the drivers/scsi/scsi transport iscsi.c file and the iscsi NETLINK socket to minimize the risk of exploitation. Avoid using the scsi transport iscsi.c file and the Netlink messages until the issue is resolved.

Exploit

Fix

Out of bounds Read

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-200

Related Identifiers

ALSA-2021:1093
ALT-PU-2021-1447
ALT-PU-2021-1525
ALT-PU-2021-1869
ALT-PU-2021-1888
ALT-PU-2021-1896
ALT-PU-2022-1240
ALT-PU-2022-1419
ALT-PU-2022-1421
ALT-PU-2023-1814
AZL-6533
BDU:2021-01213
BDU:2021-01650
CESA-2021_1071
CESA-2021_1081
CESA-2021_1093
CVE-2021-27364
DLA-2586-1
DLA-2610-1
MGASA-2021-0151
MGASA-2021-0152
OESA-2021-1111
OPENSUSE-SU-2021:0532-1
OPENSUSE-SU-2021:0758-1
OPENSUSE-SU-2021:1975-1
OPENSUSE-SU-2021:1977-1
OPENSUSE-SU-2021_0532-1
OPENSUSE-SU-2021_0758-1
OPENSUSE-SU-2021_1975-1
OPENSUSE-SU-2021_1977-1
RHSA-2021:1069
RHSA-2021:1070
RHSA-2021:1071
RHSA-2021:1081
RHSA-2021:1093
RHSA-2021:1171
RHSA-2021:1173
RHSA-2021:1267
RHSA-2021:1272
RHSA-2021:1279
RHSA-2021:1288
RHSA-2021:1289
RHSA-2021:1295
RHSA-2021:1373
RHSA-2021:1376
RHSA-2021:1377
RHSA-2021:1379
RHSA-2021:1531
RHSA-2021:1532
RHSA-2021_1070
RHSA-2021_1071
RHSA-2021_1081
RHSA-2021_1093
RHSA-2021_1288
SUSE-SU-2021:1046-1
SUSE-SU-2021:1074-1
SUSE-SU-2021:1075-1
SUSE-SU-2021:1145-1
SUSE-SU-2021:1148-1
SUSE-SU-2021:1175-1
SUSE-SU-2021:1176-1
SUSE-SU-2021:1177-1
SUSE-SU-2021:1210-1
SUSE-SU-2021:1211-1
SUSE-SU-2021:1238-1
SUSE-SU-2021:14724-1
SUSE-SU-2021:1573-1
SUSE-SU-2021:1596-1
SUSE-SU-2021:1617-1
SUSE-SU-2021:1623-1
SUSE-SU-2021:1624-1
SUSE-SU-2021:1625-1
SUSE-SU-2021:1975-1
SUSE-SU-2021:1977-1
SUSE-SU-2021:2577-1
SUSE-SU-2021_14724-1
USN-4883-1
USN-4887-1
USN-4889-1
USN-4901-1

Affected Products

Alt Linux
Almalinux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu