CVE-2021-27363 — Sensitive Information Exposure in Linux
Severity
4.4 MEDIUM (NVD)
4.7 (OSV)
EPSS
0.0%
top 90.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Mar 7
Latest update: Aug 29
Description
An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actuall…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
Exploitability: 1.8 | Impact: 2.5
Affected Packages: 5 packages
Also affects: Debian Linux 9.0
Vulnerability Details (5)
OSV, 2021-03-29: linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
OSV, 2021-03-23: linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke-5.3, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe, linux-hwe-5.4, linux-hwe-5.8, linux-kvm,
Vendor Advisories (7)
Microsoft, 2021-03-09: An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the