An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html | Third Party Advisory VDB Entry |
http://www.openwall.com/lists/oss-security/2021/03/06/1 | Mailing List Patch Third Party Advisory |
https://blog.grimm-co.com/2021/03/new-old-bugs-in-linux-kernel.html | Exploit Third Party Advisory |
https://bugzilla.suse.com/show_bug.cgi?id=1182716 | Issue Tracking Third Party Advisory |
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=688e8128b7a92df982709a4137ea4588d16f24aa | Mailing List Patch Vendor Advisory |
https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20210409-0001/ | Third Party Advisory |
Configurations
History
23 May 2022, 16:00
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:* |
|
First Time |
Netapp
Netapp cloud Backup Netapp solidfire Baseboard Management Controller Firmware |
|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20210409-0001/ - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html - Third Party Advisory | |
References | (MISC) http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html - Third Party Advisory, VDB Entry |
09 Apr 2021, 09:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
08 Apr 2021, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
31 Mar 2021, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Mar 2021, 23:59
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://blog.grimm-co.com/2021/03/new-old-bugs-in-linux-kernel.html - Exploit, Third Party Advisory |
21 Mar 2021, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
15 Mar 2021, 12:48
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://www.openwall.com/lists/oss-security/2021/03/06/1 - Mailing List, Patch, Third Party Advisory | |
References | (MISC) https://bugzilla.suse.com/show_bug.cgi?id=1182716 - Issue Tracking, Third Party Advisory | |
References | (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=688e8128b7a92df982709a4137ea4588d16f24aa - Mailing List, Patch, Vendor Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html - Mailing List, Third Party Advisory | |
CWE | NVD-CWE-noinfo | |
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 3.6
v3 : 4.4 |
09 Mar 2021, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Mar 2021, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-03-07 04:15
Updated : 2023-12-10 13:41
NVD link : CVE-2021-27363
Mitre link : CVE-2021-27363
CVE.ORG link : CVE-2021-27363
JSON object : View
Products Affected
netapp
- solidfire_baseboard_management_controller_firmware
- cloud_backup
linux
- linux_kernel
debian
- debian_linux
CWE