CVE-2021-27363

Name
CVE-2021-27363
Description
An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Mailing List https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=688e8128b7a92df982709a4137ea4588d16f24aa
Mailing List http://www.openwall.com/lists/oss-security/2021/03/06/1
Issue Tracking https://bugzilla.suse.com/show_bug.cgi?id=1182716
Mailing List https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html
Exploit https://blog.grimm-co.com/2021/03/new-old-bugs-in-linux-kernel.html
MLIST https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html
MISC http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html
CONFIRM https://security.netapp.com/advisory/ntap-20210409-0001/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* linux_kernel >= None <= 5.11.3

Vulnerable and fixed packages

Source package Branch Version Maintainer Status