CVE-2021-27363
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-27363
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-27363.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-27363
- Related
- Published
- 2021-03-07T04:15:13Z
- Modified
- 2024-09-18T01:00:20Z
- Severity
-
- 4.4 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsitransport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsitransport/$TRANSPORTNAME/handle. When read, the showtransporthandle function (in drivers/scsi/scsitransportiscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsitransport struct in the kernel module's global variables.
- References
-
- http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=688e8128b7a92df982709a4137ea4588d16f24aa
- https://security.netapp.com/advisory/ntap-20210409-0001/
- http://www.openwall.com/lists/oss-security/2021/03/06/1
- https://blog.grimm-co.com/2021/03/new-old-bugs-in-linux-kernel.html
- https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html
- https://bugzilla.suse.com/show_bug.cgi?id=1182716
- https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html
- https://security-tracker.debian.org/tracker/CVE-2021-27363
Affected packages
Debian:11 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source