CVE-2021-27365 — Out-of-bounds Write in Kernel
CWE-787 — Out-of-bounds WriteCWE-788 — Access of Memory Location After End of Buffer13 documents8 sources
Severity
7.8HIGHNVD
OSV4.4
EPSS
0.5%
top 34.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 7
Latest updateMay 24
Description
An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages4 packages
Also affects: Debian Linux 9.0
Patches
🔴Vulnerability Details
5OSV▶
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities↗2021-03-29
📋Vendor Advisories
7Microsoft▶
An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks and can exceed the PAGE_SIZE value. An unprivileged user ↗2021-03-09