← back
CVE-2021-27365

CVE-2021-27365

EPSS 2.1%
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 2.1%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
07 Mar 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.htmlhttps://blog.grimm-co.com/2021/03/new-old-bugs-in-linux-kernel.htmlhttps://bugzilla.suse.com/show_bug.cgi?id=1182715https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ec98ea7070e94cc25a422ec97d1421e28d97b7eehttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f9dbdf97a5bd92b1a49cee3d591b55b11fd7a6d5https://lists.debian.org/debian-lts-announce/2021/03/msg00010.htmlhttps://lists.debian.org/debian-lts-announce/2021/03/msg00035.htmlhttps://security.netapp.com/advisory/ntap-20210409-0001/https://www.openwall.com/lists/oss-security/2021/03/06/1https://www.oracle.com/security-alerts/cpuoct2021.html