7.8

CVE-2021-27365

Exploit

EPSS 0.34%
Veröffentlicht 07.03.2021 05:15:13
Zuletzt bearbeitet 21.11.2024 05:57:50
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 13

NVD 4 VulnDex Vulnerability Enrichment 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version <= 5.11.3

Debian ≫ Debian Linux Version9.0

Oracle ≫ Tekelec Platform Distribution Version >= 7.4.0 <= 7.7.1

Netapp ≫ Solidfire Baseboard Management Controller Firmware Version-

Netapp ≫ Solidfire Baseboard Management Controller Version-

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.34%	0.563

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://www.oracle.com/security-alerts/cpuoct2021.html

Patch

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html

Third Party Advisory

Mailing List

http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html

Third Party Advisory

VDB Entry

https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html

Third Party Advisory

Mailing List

https://security.netapp.com/advisory/ntap-20210409-0001/

Third Party Advisory

https://blog.grimm-co.com/2021/03/new-old-bugs-in-linux-kernel.html

Third Party Advisory

Exploit

https://www.openwall.com/lists/oss-security/2021/03/06/1

Third Party Advisory

Mailing List

https://bugzilla.suse.com/show_bug.cgi?id=1182715

Third Party Advisory

Issue Tracking

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ec98ea7070e94cc25a422ec97d1421e28d97b7ee

Patch

Vendor Advisory

Mailing List

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f9dbdf97a5bd92b1a49cee3d591b55b11fd7a6d5

Patch

Vendor Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2021-27365

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-27365

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-27365

EUVD