Name of the Vulnerable Software and Affected Versions: open-iscsi versions prior to 2.1.3

Description: The issue is related to several problems in the open-iscsi package, including checks for TCP urgent pointer past end of frame, u8 overflow when processing TCP options, and header length underflow during checksum calculation. Additionally, there are fixes for memory leaks, illegal memory access, and NULL pointer dereferences in various components such as fwparam ppc, iscsiuio, and open-iscsi. The update also includes optimizations for mode parameter verification, fixes for host stats mode coredump, and improvements to logging levels. There is no information about the estimated number of potentially affected devices or real-world incidents.

Recommendations: For open-iscsi versions prior to 2.1.3, update to version 2.1.3 or later to resolve the issues. As a temporary workaround, consider disabling the vulnerable components, such as the fwparam ppc and iscsiuio functions, until a patch is available. Restrict access to the vulnerable modules, such as open-iscsi and iscsid, to minimize the risk of exploitation. Avoid using the vulnerable API endpoints, such as those related to iscsiadm and iscsid, until the issue is resolved.