CVE-2021-27365

high
Description

An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message.

References

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f9dbdf97a5bd92b1a49cee3d591b55b11fd7a6d5

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ec98ea7070e94cc25a422ec97d1421e28d97b7ee

https://www.openwall.com/lists/oss-security/2021/03/06/1

https://bugzilla.suse.com/show_bug.cgi?id=1182715

https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html

https://blog.grimm-co.com/2021/03/new-old-bugs-in-linux-kernel.html

https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html

http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html

https://security.netapp.com/advisory/ntap-20210409-0001/

https://www.oracle.com/security-alerts/cpuoct2021.html

Details

Source: MITRE

Published: 2021-03-07

Updated: 2021-10-20

Type: CWE-787

Risk Information

CVSS v2

Base Score: 4.6

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 3.9

Severity: MEDIUM

CVSS v3

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 5.11.3 (inclusive)

Configuration 2

OR

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Tenable Plugins

ID | Name | Product | Family | Severity
154563 | NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2021-0115) | Nessus | NewStart CGSL Local Security Checks | high
153271 | EulerOS 2.0 SP2 : kernel (EulerOS-SA-2021-2392) | Nessus | Huawei Local Security Checks | high
152167 | SUSE SLES15 Security Update : kernel (Live Patch 15 for SLE 15 SP2) (SUSE-SU-2021:2577-1) | Nessus | SuSE Local Security Checks | high
151756 | openSUSE 15 Security Update : kernel (openSUSE-SU-2021:1977-1) | Nessus | SuSE Local Security Checks | critical
151730 | openSUSE 15 Security Update : kernel (openSUSE-SU-2021:1975-1) | Nessus | SuSE Local Security Checks | critical
151307 | EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2021-2075) | Nessus | Huawei Local Security Checks | high
151229 | EulerOS Virtualization 3.0.6.6 : kernel (EulerOS-SA-2021-2040) | Nessus | Huawei Local Security Checks | high
151167 | EulerOS Virtualization for ARM 64 3.0.6.0 : kernel (EulerOS-SA-2021-2002) | Nessus | Huawei Local Security Checks | high
151042 | EulerOS 2.0 SP8 : kernel (EulerOS-SA-2021-1983) | Nessus | Huawei Local Security Checks | high
150927 | SUSE SLES15 Security Update : kernel (SUSE-SU-2021:1975-1) | Nessus | SuSE Local Security Checks | critical
150901 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:1977-1) | Nessus | SuSE Local Security Checks | critical
150550 | SUSE SLES11 Security Update : kernel (SUSE-SU-2021:14724-1) | Nessus | SuSE Local Security Checks | medium
150214 | EulerOS 2.0 SP9 : kernel (EulerOS-SA-2021-1929) | Nessus | Huawei Local Security Checks | high
150213 | EulerOS 2.0 SP9 : kernel (EulerOS-SA-2021-1950) | Nessus | Huawei Local Security Checks | high
149892 | openSUSE Security Update : the Linux Kernel (openSUSE-2021-758) | Nessus | SuSE Local Security Checks | critical
149717 | SUSE SLES15 Security Update : kernel (SUSE-SU-2021:1624-1) | Nessus | SuSE Local Security Checks | high
149716 | SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1623-1) | Nessus | SuSE Local Security Checks | high
149633 | SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1617-1) | Nessus | SuSE Local Security Checks | high
149607 | EulerOS 2.0 SP8 : kernel (EulerOS-SA-2021-1879) | Nessus | Huawei Local Security Checks | high
149587 | EulerOS 2.0 SP5 : kernel (EulerOS-SA-2021-1904) | Nessus | Huawei Local Security Checks | high
149491 | SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1596-1) | Nessus | SuSE Local Security Checks | high
149462 | SUSE SLES15 Security Update : kernel (SUSE-SU-2021:1573-1) | Nessus | SuSE Local Security Checks | high
149444 | RHEL 7 : kernel (RHSA-2021:1531) | Nessus | Red Hat Local Security Checks | high
149441 | RHEL 7 : kpatch-patch (RHSA-2021:1532) | Nessus | Red Hat Local Security Checks | high
149245 | Oracle Linux 6 : kernel (ELSA-2021-9212) | Nessus | Oracle Linux Local Security Checks | high
149236 | RHEL 7 : kpatch-patch (RHSA-2021:1377) | Nessus | Red Hat Local Security Checks | high
149235 | RHEL 7 : kernel-alt (RHSA-2021:1379) | Nessus | Red Hat Local Security Checks | high
149098 | EulerOS 2.0 SP3 : kernel (EulerOS-SA-2021-1808) | Nessus | Huawei Local Security Checks | high
149028 | RHEL 7 : kernel (RHSA-2021:1376) | Nessus | Red Hat Local Security Checks | medium
149024 | RHEL 7 : kernel (RHSA-2021:1373) | Nessus | Red Hat Local Security Checks | high
148892 | RHEL 8 : kpatch-patch (RHSA-2021:1295) | Nessus | Red Hat Local Security Checks | high
148877 | RHEL 8 : kernel-rt (RHSA-2021:1279) | Nessus | Red Hat Local Security Checks | high
148876 | RHEL 8 : kernel (RHSA-2021:1272) | Nessus | Red Hat Local Security Checks | high
148853 | RHEL 7 : kernel (RHSA-2021:1289) | Nessus | Red Hat Local Security Checks | high
148851 | RHEL 7 : kernel (RHSA-2021:1267) | Nessus | Red Hat Local Security Checks | high
148747 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:1238-1) | Nessus | SuSE Local Security Checks | critical
148700 | SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1210-1) | Nessus | SuSE Local Security Checks | high
148698 | SUSE SLES15 Security Update : kernel (SUSE-SU-2021:1211-1) | Nessus | SuSE Local Security Checks | critical
148634 | EulerOS Virtualization 2.9.1 : kernel (EulerOS-SA-2021-1715) | Nessus | Huawei Local Security Checks | high
148604 | EulerOS Virtualization 2.9.0 : kernel (EulerOS-SA-2021-1751) | Nessus | Huawei Local Security Checks | high
148509 | SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1175-1) | Nessus | SuSE Local Security Checks | medium
148489 | RHEL 8 : kpatch-patch (RHSA-2021:1173) | Nessus | Red Hat Local Security Checks | high
148460 | RHEL 8 : kernel (RHSA-2021:1171) | Nessus | Red Hat Local Security Checks | high
148459 | Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2021-9140) | Nessus | Oracle Linux Local Security Checks | high
148458 | Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2021-9141) | Nessus | Oracle Linux Local Security Checks | high
148453 | Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2021-9172) | Nessus | Oracle Linux Local Security Checks | high
148452 | Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2021-9175) | Nessus | Oracle Linux Local Security Checks | high
148438 | openSUSE Security Update : the Linux Kernel (openSUSE-2021-532) | Nessus | SuSE Local Security Checks | critical
148425 | CentOS 7 : kernel (CESA-2021:1071) | Nessus | CentOS Local Security Checks | high
148422 | CentOS 8 : kernel (CESA-2021:1093) | Nessus | CentOS Local Security Checks | high
148390 | RHEL 7 : kernel (RHSA-2021:1071) | Nessus | Red Hat Local Security Checks | high
148389 | SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1075-1) | Nessus | SuSE Local Security Checks | high
148386 | SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1074-1) | Nessus | SuSE Local Security Checks | high
148380 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2021-9164) | Nessus | Oracle Linux Local Security Checks | high
148371 | Oracle Linux 8 : kernel (ELSA-2021-1093) | Nessus | Oracle Linux Local Security Checks | high
148370 | RHEL 8 : kernel (RHSA-2021:1093) | Nessus | Red Hat Local Security Checks | high
148369 | RHEL 8 : kernel-rt (RHSA-2021:1081) | Nessus | Red Hat Local Security Checks | high
148350 | Photon OS 4.0: Linux PHSA-2021-4.0-0007 | Nessus | PhotonOS Local Security Checks | high
148343 | Oracle Linux 7 : kernel (ELSA-2021-1071) | Nessus | Oracle Linux Local Security Checks | high
148331 | RHEL 7 : kpatch-patch (RHSA-2021:1069) | Nessus | Red Hat Local Security Checks | high
148329 | RHEL 7 : kernel-rt (RHSA-2021:1070) | Nessus | Red Hat Local Security Checks | high
148294 | Photon OS 1.0: Linux PHSA-2021-1.0-0375 | Nessus | PhotonOS Local Security Checks | high
148289 | Photon OS 2.0: Linux PHSA-2021-2.0-0332 | Nessus | PhotonOS Local Security Checks | high
148254 | Debian DLA-2610-1 : linux-4.19 security update | Nessus | Debian Local Security Checks | high
148189 | Photon OS 3.0: Linux PHSA-2021-3.0-0210 | Nessus | PhotonOS Local Security Checks | high
148034 | Ubuntu 18.04 LTS / 20.04 LTS / 20.10 : Linux kernel vulnerabilities (USN-4887-1) | Nessus | Ubuntu Local Security Checks | high
147972 | Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4883-1) | Nessus | Ubuntu Local Security Checks | high
147919 | Amazon Linux AMI : kernel (ALAS-2021-1487) | Nessus | Amazon Linux Local Security Checks | high
147914 | Amazon Linux 2 : kernel (ALAS-2021-1616) | Nessus | Amazon Linux Local Security Checks | high
147899 | OracleVM 3.4 : Unbreakable / etc (OVMSA-2021-0008) | Nessus | OracleVM Local Security Checks | high
147865 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2021-9113) | Nessus | Oracle Linux Local Security Checks | high
147864 | Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2021-9116) | Nessus | Oracle Linux Local Security Checks | high
147862 | Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2021-9112) | Nessus | Oracle Linux Local Security Checks | high
147840 | Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2021-9114) | Nessus | Oracle Linux Local Security Checks | high
147839 | Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2021-9115) | Nessus | Oracle Linux Local Security Checks | high
147790 | Slackware 14.2 : Slackware 14.2 kernel (SSA:2021-072-01) | Nessus | Slackware Local Security Checks | high
147532 | Debian DLA-2586-1 : linux security update | Nessus | Debian Local Security Checks | high