ID

VAR-202103-0920

CVE

CVE-2021-27363

TITLE

Linux Kernel  Vulnerability in

DESCRIPTION

An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables. Linux Kernel Contains an unspecified vulnerability.Information is obtained and denial of service (DoS) It may be put into a state. ========================================================================= Ubuntu Security Notice USN-4887-1 March 23, 2021 linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke-5.3, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe, linux-hwe-5.4, linux-hwe-5.8, linux-kvm, linux-oem-5.10, linux-oem-5.6, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-raspi2-5.3 vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory) or possibly execute arbitrary code. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-27365) Piotr Krysiuk discovered that the BPF subsystem in the Linux kernel did not properly compute a speculative execution limit on pointer arithmetic in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-27171) Piotr Krysiuk discovered that the BPF subsystem in the Linux kernel did not properly apply speculative execution limits on some pointer types. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-27170) Adam Nichols discovered that the iSCSI subsystem in the Linux kernel did not properly restrict access to iSCSI transport handles. A local attacker could use this to cause a denial of service or expose sensitive information (kernel pointer addresses). A local attacker could use this to cause a denial of service (system crash) or expose sensitive information (kernel memory). (CVE-2021-27364) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.10: linux-image-5.8.0-1019-raspi 5.8.0-1019.22 linux-image-5.8.0-1019-raspi-nolpae 5.8.0-1019.22 linux-image-5.8.0-1022-kvm 5.8.0-1022.24 linux-image-5.8.0-1024-oracle 5.8.0-1024.25 linux-image-5.8.0-1026-azure 5.8.0-1026.28 linux-image-5.8.0-1026-gcp 5.8.0-1026.27 linux-image-5.8.0-1027-aws 5.8.0-1027.29 linux-image-5.8.0-48-generic 5.8.0-48.54 linux-image-5.8.0-48-generic-64k 5.8.0-48.54 linux-image-5.8.0-48-generic-lpae 5.8.0-48.54 linux-image-5.8.0-48-lowlatency 5.8.0-48.54 linux-image-aws 5.8.0.1027.29 linux-image-azure 5.8.0.1026.26 linux-image-gcp 5.8.0.1026.26 linux-image-generic 5.8.0.48.53 linux-image-generic-64k 5.8.0.48.53 linux-image-generic-lpae 5.8.0.48.53 linux-image-gke 5.8.0.1026.26 linux-image-kvm 5.8.0.1022.24 linux-image-lowlatency 5.8.0.48.53 linux-image-oem-20.04 5.8.0.48.53 linux-image-oracle 5.8.0.1024.23 linux-image-raspi 5.8.0.1019.22 linux-image-raspi-nolpae 5.8.0.1019.22 linux-image-virtual 5.8.0.48.53 Ubuntu 20.04 LTS: linux-image-5.10.0-1019-oem 5.10.0-1019.20 linux-image-5.4.0-1012-gkeop 5.4.0-1012.13 linux-image-5.4.0-1032-raspi 5.4.0-1032.35 linux-image-5.4.0-1036-kvm 5.4.0-1036.37 linux-image-5.4.0-1040-gcp 5.4.0-1040.43 linux-image-5.4.0-1041-aws 5.4.0-1041.43 linux-image-5.4.0-1041-oracle 5.4.0-1041.44 linux-image-5.4.0-1043-azure 5.4.0-1043.45 linux-image-5.4.0-70-generic 5.4.0-70.78 linux-image-5.4.0-70-generic-lpae 5.4.0-70.78 linux-image-5.4.0-70-lowlatency 5.4.0-70.78 linux-image-5.6.0-1052-oem 5.6.0-1052.56 linux-image-5.8.0-48-generic 5.8.0-48.54~20.04.1 linux-image-5.8.0-48-generic-64k 5.8.0-48.54~20.04.1 linux-image-5.8.0-48-generic-lpae 5.8.0-48.54~20.04.1 linux-image-5.8.0-48-lowlatency 5.8.0-48.54~20.04.1 linux-image-aws 5.4.0.1041.42 linux-image-azure 5.4.0.1043.41 linux-image-gcp 5.4.0.1040.49 linux-image-generic 5.4.0.70.73 linux-image-generic-64k-hwe-20.04 5.8.0.48.54~20.04.32 linux-image-generic-hwe-20.04 5.8.0.48.54~20.04.32 linux-image-generic-lpae 5.4.0.70.73 linux-image-generic-lpae-hwe-20.04 5.8.0.48.54~20.04.32 linux-image-gkeop 5.4.0.1012.15 linux-image-gkeop-5.4 5.4.0.1012.15 linux-image-kvm 5.4.0.1036.34 linux-image-lowlatency 5.4.0.70.73 linux-image-lowlatency-hwe-20.04 5.8.0.48.54~20.04.32 linux-image-oem 5.4.0.70.73 linux-image-oem-20.04 5.6.0.1052.48 linux-image-oem-20.04b 5.10.0.1019.20 linux-image-oem-osp1 5.4.0.70.73 linux-image-oracle 5.4.0.1041.38 linux-image-raspi 5.4.0.1032.67 linux-image-raspi2 5.4.0.1032.67 linux-image-virtual 5.4.0.70.73 linux-image-virtual-hwe-20.04 5.8.0.48.54~20.04.32 Ubuntu 18.04 LTS: linux-image-5.3.0-1038-raspi2 5.3.0-1038.40 linux-image-5.3.0-1041-gke 5.3.0-1041.44 linux-image-5.3.0-72-generic 5.3.0-72.68 linux-image-5.3.0-72-lowlatency 5.3.0-72.68 linux-image-5.4.0-1012-gkeop 5.4.0-1012.13~18.04.1 linux-image-5.4.0-1032-raspi 5.4.0-1032.35~18.04.1 linux-image-5.4.0-1039-gke 5.4.0-1039.41~18.04.1 linux-image-5.4.0-1040-gcp 5.4.0-1040.43~18.04.1 linux-image-5.4.0-1041-aws 5.4.0-1041.43~18.04.1 linux-image-5.4.0-1041-oracle 5.4.0-1041.44~18.04.1 linux-image-5.4.0-1043-azure 5.4.0-1043.45~18.04.1 linux-image-5.4.0-70-generic 5.4.0-70.78~18.04.1 linux-image-5.4.0-70-generic-lpae 5.4.0-70.78~18.04.1 linux-image-5.4.0-70-lowlatency 5.4.0-70.78~18.04.1 linux-image-aws 5.4.0.1041.24 linux-image-azure 5.4.0.1043.23 linux-image-gcp 5.4.0.1040.27 linux-image-generic-hwe-18.04 5.4.0.70.78~18.04.63 linux-image-generic-lpae-hwe-18.04 5.4.0.70.78~18.04.63 linux-image-gke-5.3 5.3.0.1041.24 linux-image-gke-5.4 5.4.0.1039.41~18.04.6 linux-image-gkeop-5.3 5.3.0.72.129 linux-image-gkeop-5.4 5.4.0.1012.13~18.04.13 linux-image-lowlatency-hwe-18.04 5.4.0.70.78~18.04.63 linux-image-oem 5.4.0.70.78~18.04.63 linux-image-oem-osp1 5.4.0.70.78~18.04.63 linux-image-oracle 5.4.0.1041.44~18.04.23 linux-image-raspi-hwe-18.04 5.4.0.1032.34 linux-image-raspi2-hwe-18.04 5.3.0.1038.27 linux-image-snapdragon-hwe-18.04 5.4.0.70.78~18.04.63 linux-image-virtual-hwe-18.04 5.4.0.70.78~18.04.63 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64 3. Bug Fix(es): * System Crash / Core dump while deleting VMs (BZ#1897687) * various patches to stabilize the OPAL error log processing and the powernv dump processing (ESS) (BZ#1907302) * Unable to receive the signal registered using mq_notify(). (BZ#1926111) * SCTP "Address already in use" when no active endpoints from RHEL 8.2 onwards (BZ#1927522) * enable CONFIG_RANDOM_TRUST_CPU (BZ#1928027) * [mm] mm, oom: remove oom_lock from oom_reaper (BZ#1929739) * Configuring the system with non-RT kernel will hang the system (BZ#1930737) * fNIC driver needs a patch fix that addresses crash (BZ#1932460) * OVS mistakenly using local IP as tun_dst for VXLAN packets (?) (BZ#1944670) Enhancement(s): * mlx5: Hairpin Support in Switch Mode (BZ#1924690) * Trace mode enablement in IMC to facilitate perf-kvm support (perf:) (BZ#1929696) * ice: Enable Flow Director Support (BZ#1930780) 4. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. See the following advisory for the container images for this release: https://access.redhat.com/errata/RHBA-2021:1427 All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor 3. Solution: For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1887664 - CVE-2020-25649 jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE) 1941768 - Reports that has specified a retention should not be requeued in the sync handler 1954163 - Placeholder bug for OCP 4.6.0 extras release 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel-rt security and bug fix update Advisory ID: RHSA-2021:1070-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:1070 Issue date: 2021-04-06 CVE Names: CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 ==================================================================== 1. Summary: An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux for Real Time (v. 7) - noarch, x86_64 Red Hat Enterprise Linux for Real Time for NFV (v. 7) - noarch, x86_64 3. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: out-of-bounds read in libiscsi module (CVE-2021-27364) * kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365) * kernel: iscsi: unrestricted access to sessions and handles (CVE-2021-27363) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * RHEL7.9 Realtime crashes due to a blocked task detection. The blocked task is stuck in unregister_shrinker() where multiple tasks have taken the shrinker_rwsem and are fighting on a dentry's d_lockref lock rt_mutex. [kernel-rt] (BZ#1935557) * kernel-rt: update to the latest RHEL7.9.z5 source tree (BZ#1939220) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1930078 - CVE-2021-27365 kernel: heap buffer overflow in the iSCSI subsystem 1930079 - CVE-2021-27363 kernel: iscsi: unrestricted access to sessions and handles 1930080 - CVE-2021-27364 kernel: out-of-bounds read in libiscsi module 6. Package List: Red Hat Enterprise Linux for Real Time for NFV (v. 7): Source: kernel-rt-3.10.0-1160.24.1.rt56.1161.el7.src.rpm noarch: kernel-rt-doc-3.10.0-1160.24.1.rt56.1161.el7.noarch.rpm x86_64: kernel-rt-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm kernel-rt-debug-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm kernel-rt-debug-debuginfo-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm kernel-rt-debug-devel-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm kernel-rt-debug-kvm-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm kernel-rt-debug-kvm-debuginfo-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm kernel-rt-debuginfo-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm kernel-rt-debuginfo-common-x86_64-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm kernel-rt-devel-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm kernel-rt-kvm-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm kernel-rt-kvm-debuginfo-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm kernel-rt-trace-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm kernel-rt-trace-debuginfo-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm kernel-rt-trace-devel-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm kernel-rt-trace-kvm-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm kernel-rt-trace-kvm-debuginfo-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm Red Hat Enterprise Linux for Real Time (v. 7): Source: kernel-rt-3.10.0-1160.24.1.rt56.1161.el7.src.rpm noarch: kernel-rt-doc-3.10.0-1160.24.1.rt56.1161.el7.noarch.rpm x86_64: kernel-rt-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm kernel-rt-debug-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm kernel-rt-debug-debuginfo-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm kernel-rt-debug-devel-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm kernel-rt-debuginfo-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm kernel-rt-debuginfo-common-x86_64-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm kernel-rt-devel-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm kernel-rt-trace-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm kernel-rt-trace-debuginfo-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm kernel-rt-trace-devel-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-27363 https://access.redhat.com/security/cve/CVE-2021-27364 https://access.redhat.com/security/cve/CVE-2021-27365 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYGwUItzjgjWX9erEAQjxsA//SlDSD/SJHCxceZvPrzgBTa7x6icArqhH 08++iBcxQ924tX3O9AizfbKGi4SfixaLnkTK/ZmucTD1nctMxvbQU/bSwnqT6NEv SIEMMhxnwCG09utCX1hlKMjOjtwT53oapInBu8svGowlXzOg4WSzBLv5q7A7QmuQ uFkSrymbQvoGVsDW3cee2xksPtHDuXg7rsNrnr5sfpyY0qrONgiy9WnhR4C/fCw3 uG/kedTHM4tTT0+8JgC4hfiAOZSSf6cowobPkE/kmOGxmUdLC8G4aRNQzOP/PPyp MXQfo77P5Oq8FDt28DqlTTxu589YKUiY0/QtiCy4+nKMQ3eCFu6MK8es20VEamrk CSr8Ms5OzUbAgEwlQnqcKjaXqEa6Z10SrqgL6tVYQmnqmO5y8XcnAJTNN8aAjvWj 6FoTLwpcGkNuL6ctaUjf8+tv/ybZG5OTLgvBto8pmS4pQBldxsn5MJUERye3POes lh6QZtE3x59NsuDV0nczleVHO7pHbgpe5EiNXufRIVp9VvH6VU3JArSFq5GOwqNC TRei+AumL9AL9cUWUE50DR3aBiPvXUbYabz8v0e5fPeXl/EkQAiypT4l82bxwoqI l7CV1v62LoyfaPfHq34dPZA8I4BAdqorDYSDbtcgkOO1W1T4NeNOIBRJn6J/n8QW r8zE0R3Ih9M=OvRU -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8) - x86_64 3

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

local

TYPE

other

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Red Hat

SOURCES

LAST UPDATE DATE

2025-06-26T21:23:41.180000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE