CVE-2021-27365

Опубликовано: 07 мар. 2021

Источник: nvd

CVSS3: 7.8

CVSS2: 4.6

EPSS Низкий

Описание

An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message.

Ссылки

http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html
Third Party Advisory
VDB Entry
https://blog.grimm-co.com/2021/03/new-old-bugs-in-linux-kernel.html
Exploit
Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1182715
Issue Tracking
Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ec98ea7070e94cc25a422ec97d1421e28d97b7ee
Mailing List
Patch
Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f9dbdf97a5bd92b1a49cee3d591b55b11fd7a6d5
Mailing List
Patch
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html
Mailing List
Third Party Advisory
https://security.netapp.com/advisory/ntap-20210409-0001/
Third Party Advisory
https://www.openwall.com/lists/oss-security/2021/03/06/1
Mailing List
Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html
Patch
Third Party Advisory
http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html
Third Party Advisory
VDB Entry
https://blog.grimm-co.com/2021/03/new-old-bugs-in-linux-kernel.html
Exploit
Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1182715
Issue Tracking
Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ec98ea7070e94cc25a422ec97d1421e28d97b7ee
Mailing List
Patch
Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f9dbdf97a5bd92b1a49cee3d591b55b11fd7a6d5
Mailing List
Patch
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html
Mailing List
Third Party Advisory
https://security.netapp.com/advisory/ntap-20210409-0001/
Third Party Advisory
https://www.openwall.com/lists/oss-security/2021/03/06/1
Mailing List
Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия до 5.11.3 (включая)

Конфигурация 2

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:a:oracle:tekelec_platform_distribution:*:*:*:*:*:*:*:*

Версия от 7.4.0 (включая) до 7.7.1 (включая)

Конфигурация 4

Одновременно

cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*

EPSS

Процентиль: 57%

0.00358

Низкий

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-787

Связанные уязвимости

CVE-2021-27365

CVSS3: 7.8

ubuntu

больше 4 лет назад

CVE-2021-27365

CVSS3: 7.8

redhat

больше 4 лет назад

CVE-2021-27365

CVSS3: 7.8

msrc

больше 4 лет назад

Описание отсутствует

CVE-2021-27365

CVSS3: 7.8

debian

больше 4 лет назад

An issue was discovered in the Linux kernel through 5.11.3. Certain iS ...

GHSA-qwp9-8pwv-6hg4

github

около 3 лет назад

EPSS

Процентиль: 57%

0.00358

Низкий

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-787