Details of VAR-202103-0920

ID

VAR-202103-0920

CVE

CVE-2021-27363

TITLE

Linux Kernel Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-004361

DESCRIPTION

An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables. Linux Kernel Contains an unspecified vulnerability.Information is obtained and denial of service (DoS) It may be put into a state. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2021:1267-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:1267 Issue date: 2021-04-20 CVE Names: CVE-2020-14351 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 7.4) - noarch, x86_64 Red Hat Enterprise Linux Server E4S (v. 7.4) - noarch, ppc64le, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.4) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.4) - noarch, x86_64 3. Security Fix(es): * kernel: out-of-bounds read in libiscsi module (CVE-2021-27364) * kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365) * kernel: performance counters race condition use-after-free (CVE-2020-14351) * kernel: iscsi: unrestricted access to sessions and handles (CVE-2021-27363) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Enable CI and changelog for GitLab workflow (BZ#1930932) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1862849 - CVE-2020-14351 kernel: performance counters race condition use-after-free 1930078 - CVE-2021-27365 kernel: heap buffer overflow in the iSCSI subsystem 1930079 - CVE-2021-27363 kernel: iscsi: unrestricted access to sessions and handles 1930080 - CVE-2021-27364 kernel: out-of-bounds read in libiscsi module 6. Package List: Red Hat Enterprise Linux Server AUS (v. 7.4): Source: kernel-3.10.0-693.84.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-693.84.1.el7.noarch.rpm kernel-doc-3.10.0-693.84.1.el7.noarch.rpm x86_64: kernel-3.10.0-693.84.1.el7.x86_64.rpm kernel-debug-3.10.0-693.84.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-693.84.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.84.1.el7.x86_64.rpm kernel-devel-3.10.0-693.84.1.el7.x86_64.rpm kernel-headers-3.10.0-693.84.1.el7.x86_64.rpm kernel-tools-3.10.0-693.84.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-693.84.1.el7.x86_64.rpm perf-3.10.0-693.84.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm python-perf-3.10.0-693.84.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm Red Hat Enterprise Linux Server E4S (v. 7.4): Source: kernel-3.10.0-693.84.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-693.84.1.el7.noarch.rpm kernel-doc-3.10.0-693.84.1.el7.noarch.rpm ppc64le: kernel-3.10.0-693.84.1.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-693.84.1.el7.ppc64le.rpm kernel-debug-3.10.0-693.84.1.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-693.84.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-693.84.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-693.84.1.el7.ppc64le.rpm kernel-devel-3.10.0-693.84.1.el7.ppc64le.rpm kernel-headers-3.10.0-693.84.1.el7.ppc64le.rpm kernel-tools-3.10.0-693.84.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-693.84.1.el7.ppc64le.rpm kernel-tools-libs-3.10.0-693.84.1.el7.ppc64le.rpm perf-3.10.0-693.84.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-693.84.1.el7.ppc64le.rpm python-perf-3.10.0-693.84.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-693.84.1.el7.ppc64le.rpm x86_64: kernel-3.10.0-693.84.1.el7.x86_64.rpm kernel-debug-3.10.0-693.84.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-693.84.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.84.1.el7.x86_64.rpm kernel-devel-3.10.0-693.84.1.el7.x86_64.rpm kernel-headers-3.10.0-693.84.1.el7.x86_64.rpm kernel-tools-3.10.0-693.84.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-693.84.1.el7.x86_64.rpm perf-3.10.0-693.84.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm python-perf-3.10.0-693.84.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 7.4): Source: kernel-3.10.0-693.84.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-693.84.1.el7.noarch.rpm kernel-doc-3.10.0-693.84.1.el7.noarch.rpm x86_64: kernel-3.10.0-693.84.1.el7.x86_64.rpm kernel-debug-3.10.0-693.84.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-693.84.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.84.1.el7.x86_64.rpm kernel-devel-3.10.0-693.84.1.el7.x86_64.rpm kernel-headers-3.10.0-693.84.1.el7.x86_64.rpm kernel-tools-3.10.0-693.84.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-693.84.1.el7.x86_64.rpm perf-3.10.0-693.84.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm python-perf-3.10.0-693.84.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 7.4): x86_64: kernel-debug-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.84.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-693.84.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional E4S (v. 7.4): ppc64le: kernel-debug-debuginfo-3.10.0-693.84.1.el7.ppc64le.rpm kernel-debug-devel-3.10.0-693.84.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-693.84.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-693.84.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-693.84.1.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-693.84.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-693.84.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-693.84.1.el7.ppc64le.rpm x86_64: kernel-debug-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.84.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-693.84.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional TUS (v. 7.4): x86_64: kernel-debug-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.84.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-693.84.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-14351 https://access.redhat.com/security/cve/CVE-2021-27363 https://access.redhat.com/security/cve/CVE-2021-27364 https://access.redhat.com/security/cve/CVE-2021-27365 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYH7PN9zjgjWX9erEAQj00Q//dwJUA3XoZ8Ferzd26sJ/DcX6mUEUBmHR ak7tX27vETn/72UdgkHJkB0XRqsn6yjQBdowxXQe7zdcmnPFemMlluDzwNnNw2ME FqLcIPgWI7qct32+csGDvOfUDz912A+Sc9XB2oekMpXgeMunfxz3FfmocZPVKcqh OJq9MTkjJcktHOKvwr40xnYKk/0cKUqcjqQxGZbYCr0RZ3u88vHd8JIDZqmBr+dk tYHIs5lIZ2jICescQf9nwQByB4jm8BX7WDqmdyvV8jrrRzVYhLyFZdDDo9nosDVK 4y++m9pLVqHtkojPscbn2+NBEDHJxUmtFn5JabSLb51Jog0tGu+QC5MEtfqc5jgH Cn/M47TR6OiB88i8FdQva40HWGsEQanZaLeNWRGEh+AaVZt0WD7zgzAbKghZ8iLY EypWscF8RYcEN27Q6DNcWwozLyfWGbH3Sex4OMsPL1jqtki0+6HD/ezI6HDmnHy0 4FuCbavgKBRuHHZXG7jX/rN6FHMg/7My4LSHk9fmj2PszaTyZZpFqz0mcBCMJzNX rbgPNtvbOpjv4sUn22LNNA77lOGw+cKwXIU0FKwDBXx+Ak7riGn2l6OpTReUa3qj Eck9dxJiZAzSNunG9HN8dBXUprcuo2WYJ4TV+KwxCLQbQbOkrnHD6bSHXRv70bxK HUMRmNWYCrM= =INXh -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description: Red Hat Advanced Cluster Management for Kubernetes 2.0.10 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. Bug fix: * RHACM 2.0.10 images (BZ #1940452) 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1940452 - RHACM 2.0.10 images 1944286 - CVE-2021-23358 nodejs-underscore: Arbitrary code execution via the template function 5. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64 3. Bug Fix(es): * System Crash / Core dump while deleting VMs (BZ#1897687) * various patches to stabilize the OPAL error log processing and the powernv dump processing (ESS) (BZ#1907302) * Unable to receive the signal registered using mq_notify(). (BZ#1926111) * SCTP "Address already in use" when no active endpoints from RHEL 8.2 onwards (BZ#1927522) * enable CONFIG_RANDOM_TRUST_CPU (BZ#1928027) * [mm] mm, oom: remove oom_lock from oom_reaper (BZ#1929739) * Configuring the system with non-RT kernel will hang the system (BZ#1930737) * fNIC driver needs a patch fix that addresses crash (BZ#1932460) * OVS mistakenly using local IP as tun_dst for VXLAN packets (?) (BZ#1944670) Enhancement(s): * mlx5: Hairpin Support in Switch Mode (BZ#1924690) * Trace mode enablement in IMC to facilitate perf-kvm support (perf:) (BZ#1929696) * ice: Enable Flow Director Support (BZ#1930780) 4. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. See the following advisory for the container images for this release: https://access.redhat.com/errata/RHBA-2021:1427 All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor 3. Solution: For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1887664 - CVE-2020-25649 jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE) 1941768 - Reports that has specified a retention should not be requeued in the sync handler 1954163 - Placeholder bug for OCP 4.6.0 extras release 5. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Bug Fix(es): * RHEL7.9 Realtime crashes due to a blocked task detection. The blocked task is stuck in unregister_shrinker() where multiple tasks have taken the shrinker_rwsem and are fighting on a dentry's d_lockref lock rt_mutex. [kernel-rt] (BZ#1935557) * kernel-rt: update to the latest RHEL7.9.z5 source tree (BZ#1939220) 4. 8) - x86_64 3. ========================================================================== Ubuntu Security Notice USN-4883-1 March 20, 2021 linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 ESM Summary: Several security issues were fixed in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-27365) Adam Nichols discovered that the iSCSI subsystem in the Linux kernel did not properly restrict access to iSCSI transport handles. A local attacker could use this to cause a denial of service or expose sensitive information (kernel pointer addresses). A local attacker could use this to cause a denial of service (system crash) or expose sensitive information (kernel memory). (CVE-2021-27364) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: linux-image-4.15.0-1081-raspi2 4.15.0-1081.86 linux-image-4.15.0-1087-kvm 4.15.0-1087.89 linux-image-4.15.0-1095-gcp 4.15.0-1095.108 linux-image-4.15.0-1096-aws 4.15.0-1096.103 linux-image-4.15.0-1098-snapdragon 4.15.0-1098.107 linux-image-4.15.0-1110-azure 4.15.0-1110.122 linux-image-4.15.0-139-generic 4.15.0-139.143 linux-image-4.15.0-139-generic-lpae 4.15.0-139.143 linux-image-4.15.0-139-lowlatency 4.15.0-139.143 linux-image-aws-lts-18.04 4.15.0.1096.99 linux-image-azure-lts-18.04 4.15.0.1110.83 linux-image-gcp-lts-18.04 4.15.0.1095.113 linux-image-generic 4.15.0.139.126 linux-image-generic-lpae 4.15.0.139.126 linux-image-kvm 4.15.0.1087.83 linux-image-lowlatency 4.15.0.139.126 linux-image-powerpc-e500mc 4.15.0.139.126 linux-image-powerpc-smp 4.15.0.139.126 linux-image-powerpc64-emb 4.15.0.139.126 linux-image-powerpc64-smp 4.15.0.139.126 linux-image-raspi2 4.15.0.1081.78 linux-image-snapdragon 4.15.0.1098.101 linux-image-virtual 4.15.0.139.126 Ubuntu 16.04 LTS: linux-image-4.15.0-1095-gcp 4.15.0-1095.108~16.04.1 linux-image-4.15.0-1096-aws 4.15.0-1096.103~16.04.1 linux-image-4.15.0-1110-azure 4.15.0-1110.122~16.04.1 linux-image-4.15.0-139-generic 4.15.0-139.143~16.04.1 linux-image-4.15.0-139-generic-lpae 4.15.0-139.143~16.04.1 linux-image-4.15.0-139-lowlatency 4.15.0-139.143~16.04.1 linux-image-4.4.0-1090-kvm 4.4.0-1090.99 linux-image-4.4.0-1124-aws 4.4.0-1124.138 linux-image-4.4.0-1152-snapdragon 4.4.0-1152.162 linux-image-4.4.0-206-generic 4.4.0-206.238 linux-image-4.4.0-206-generic-lpae 4.4.0-206.238 linux-image-4.4.0-206-lowlatency 4.4.0-206.238 linux-image-4.4.0-206-powerpc-e500mc 4.4.0-206.238 linux-image-4.4.0-206-powerpc-smp 4.4.0-206.238 linux-image-4.4.0-206-powerpc64-emb 4.4.0-206.238 linux-image-4.4.0-206-powerpc64-smp 4.4.0-206.238 linux-image-aws 4.4.0.1124.129 linux-image-aws-hwe 4.15.0.1096.89 linux-image-azure 4.15.0.1110.101 linux-image-azure-edge 4.15.0.1110.101 linux-image-gcp 4.15.0.1095.96 linux-image-generic 4.4.0.206.212 linux-image-generic-hwe-16.04 4.15.0.139.134 linux-image-generic-lpae 4.4.0.206.212 linux-image-generic-lpae-hwe-16.04 4.15.0.139.134 linux-image-gke 4.15.0.1095.96 linux-image-kvm 4.4.0.1090.88 linux-image-lowlatency 4.4.0.206.212 linux-image-lowlatency-hwe-16.04 4.15.0.139.134 linux-image-oem 4.15.0.139.134 linux-image-powerpc-e500mc 4.4.0.206.212 linux-image-powerpc-smp 4.4.0.206.212 linux-image-powerpc64-emb 4.4.0.206.212 linux-image-powerpc64-smp 4.4.0.206.212 linux-image-snapdragon 4.4.0.1152.144 linux-image-virtual 4.4.0.206.212 linux-image-virtual-hwe-16.04 4.15.0.139.134 Ubuntu 14.04 ESM: linux-image-4.15.0-1110-azure 4.15.0-1110.122~14.04.1 linux-image-4.4.0-1088-aws 4.4.0-1088.92 linux-image-aws 4.4.0.1088.85 linux-image-azure 4.15.0.1110.83 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well

Trust: 2.52

sources: NVD: CVE-2021-27363 // JVNDB: JVNDB-2021-004361 // VULHUB: VHN-386598 // PACKETSTORM: 162242 // PACKETSTORM: 162341 // PACKETSTORM: 162383 // PACKETSTORM: 162247 // PACKETSTORM: 162478 // PACKETSTORM: 162095 // PACKETSTORM: 162108 // PACKETSTORM: 162112 // PACKETSTORM: 161909

AFFECTED PRODUCTS

vendor:	linux	model:	kernel	scope:	lte	version:	5.11.3	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	netapp	model:	solidfire baseboard management controller	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	cloud backup	scope:	eq	version:	-	Trust: 1.0
vendor:	debian	model:	gnu/linux	scope:	-	version:	-	Trust: 0.8
vendor:	linux	model:	kernel	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-004361 // NVD: CVE-2021-27363

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-27363
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-27363
value:	MEDIUM
Trust: 0.8
VULHUB:	VHN-386598
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-27363
severity:	LOW
baseScore:	3.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-386598
severity:	LOW
baseScore:	3.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-27363
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	1.8
impactScore:	2.5
version:	3.1
Trust: 1.0
NVD:	CVE-2021-27363
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-386598 // JVNDB: JVNDB-2021-004361 // NVD: CVE-2021-27363

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-004361 // NVD: CVE-2021-27363

THREAT TYPE

local

Trust: 0.1

sources: PACKETSTORM: 161909

TYPE

overflow

Trust: 0.6

sources: PACKETSTORM: 162242 // PACKETSTORM: 162341 // PACKETSTORM: 162247 // PACKETSTORM: 162095 // PACKETSTORM: 162108 // PACKETSTORM: 162112

PATCH

title:

iscsi

url:

https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html

Trust: 0.8

sources: JVNDB: JVNDB-2021-004361

EXTERNAL IDS

db:	NVD	id:	CVE-2021-27363	Trust: 2.8
db:	OPENWALL	id:	OSS-SECURITY/2021/03/06/1	Trust: 1.9
db:	PACKETSTORM	id:	162117	Trust: 1.1
db:	JVNDB	id:	JVNDB-2021-004361	Trust: 0.8
db:	PACKETSTORM	id:	162341	Trust: 0.2
db:	PACKETSTORM	id:	162478	Trust: 0.2
db:	PACKETSTORM	id:	162095	Trust: 0.2
db:	PACKETSTORM	id:	162247	Trust: 0.2
db:	PACKETSTORM	id:	161909	Trust: 0.2
db:	PACKETSTORM	id:	162383	Trust: 0.2
db:	PACKETSTORM	id:	162108	Trust: 0.2
db:	PACKETSTORM	id:	162242	Trust: 0.2
db:	PACKETSTORM	id:	162112	Trust: 0.2
db:	PACKETSTORM	id:	161952	Trust: 0.1
db:	PACKETSTORM	id:	162115	Trust: 0.1
db:	PACKETSTORM	id:	162246	Trust: 0.1
db:	PACKETSTORM	id:	162156	Trust: 0.1
db:	PACKETSTORM	id:	162528	Trust: 0.1
db:	PACKETSTORM	id:	162151	Trust: 0.1
db:	PACKETSTORM	id:	161973	Trust: 0.1
db:	PACKETSTORM	id:	162098	Trust: 0.1
db:	PACKETSTORM	id:	162255	Trust: 0.1
db:	PACKETSTORM	id:	162346	Trust: 0.1
db:	PACKETSTORM	id:	162337	Trust: 0.1
db:	CNNVD	id:	CNNVD-202103-523	Trust: 0.1
db:	VULHUB	id:	VHN-386598	Trust: 0.1

sources: VULHUB: VHN-386598 // PACKETSTORM: 162242 // PACKETSTORM: 162341 // PACKETSTORM: 162383 // PACKETSTORM: 162247 // PACKETSTORM: 162478 // PACKETSTORM: 162095 // PACKETSTORM: 162108 // PACKETSTORM: 162112 // PACKETSTORM: 161909 // JVNDB: JVNDB-2021-004361 // NVD: CVE-2021-27363

REFERENCES

url:	http://www.openwall.com/lists/oss-security/2021/03/06/1	Trust: 1.9
url:	https://nvd.nist.gov/vuln/detail/cve-2021-27363	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20210409-0001/	Trust: 1.1
url:	http://packetstormsecurity.com/files/162117/kernel-live-patch-security-notice-lsn-0075-1.html	Trust: 1.1
url:	https://blog.grimm-co.com/2021/03/new-old-bugs-in-linux-kernel.html	Trust: 1.1
url:	https://bugzilla.suse.com/show_bug.cgi?id=1182716	Trust: 1.1
url:	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=688e8128b7a92df982709a4137ea4588d16f24aa	Trust: 1.1
url:	https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html	Trust: 1.1
url:	https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html	Trust: 1.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-27364	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2021-27365	Trust: 0.9
url:	https://access.redhat.com/security/cve/cve-2021-27364	Trust: 0.8
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.8
url:	https://bugzilla.redhat.com/):	Trust: 0.8
url:	https://access.redhat.com/security/cve/cve-2021-27365	Trust: 0.8
url:	https://access.redhat.com/security/cve/cve-2021-27363	Trust: 0.8
url:	https://access.redhat.com/security/team/contact/	Trust: 0.8
url:	https://access.redhat.com/security/team/key/	Trust: 0.6
url:	https://access.redhat.com/articles/11258	Trust: 0.6
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2021-3347	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3347	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2020-28374	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-26708	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-0466	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-27152	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-27152	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-0466	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-28374	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-26708	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20305	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-20305	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14351	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14351	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:1267	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:1373	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-23358	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15586	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3449	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3449	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-28362	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-23358	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-16845	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3450	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3450	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-16845	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-28362	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15586	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:1448	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:1272	Trust: 0.1
url:	https://access.redhat.com/errata/rhba-2021:1427	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-2163	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#low	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:1429	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-25649	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.6/updating/updating-cluster	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3447	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3447	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-25649	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-2163	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:1070	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:1081	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:1093	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1098.107	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1087.89	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-aws-hwe/4.15.0-1096.103~16.04.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux/4.15.0-139.143	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1152.162	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1081.86	Trust: 0.1
url:	https://ubuntu.com/security/notices/usn-4883-1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-gcp-4.15/4.15.0-1095.108	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1090.99	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1110.122~16.04.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1095.108~16.04.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux/4.4.0-206.238	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1124.138	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1096.103	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-azure-4.15/4.15.0-1110.122	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-139.143~16.04.1	Trust: 0.1

CREDITS

Red Hat

Trust: 0.8

sources: PACKETSTORM: 162242 // PACKETSTORM: 162341 // PACKETSTORM: 162383 // PACKETSTORM: 162247 // PACKETSTORM: 162478 // PACKETSTORM: 162095 // PACKETSTORM: 162108 // PACKETSTORM: 162112

SOURCES

db:	VULHUB	id:	VHN-386598
db:	PACKETSTORM	id:	162242
db:	PACKETSTORM	id:	162341
db:	PACKETSTORM	id:	162383
db:	PACKETSTORM	id:	162247
db:	PACKETSTORM	id:	162478
db:	PACKETSTORM	id:	162095
db:	PACKETSTORM	id:	162108
db:	PACKETSTORM	id:	162112
db:	PACKETSTORM	id:	161909
db:	JVNDB	id:	JVNDB-2021-004361
db:	NVD	id:	CVE-2021-27363

LAST UPDATE DATE

2026-04-18T22:27:48.443000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-386598	date:	2022-05-23T00:00:00
db:	JVNDB	id:	JVNDB-2021-004361	date:	2021-11-18T09:07:00
db:	NVD	id:	CVE-2021-27363	date:	2024-11-21T05:57:50.513

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-386598	date:	2021-03-07T00:00:00
db:	PACKETSTORM	id:	162242	date:	2021-04-20T16:13:12
db:	PACKETSTORM	id:	162341	date:	2021-04-27T15:18:39
db:	PACKETSTORM	id:	162383	date:	2021-04-29T14:37:49
db:	PACKETSTORM	id:	162247	date:	2021-04-20T16:18:26
db:	PACKETSTORM	id:	162478	date:	2021-05-06T01:15:29
db:	PACKETSTORM	id:	162095	date:	2021-04-06T14:35:33
db:	PACKETSTORM	id:	162108	date:	2021-04-07T20:04:40
db:	PACKETSTORM	id:	162112	date:	2021-04-07T20:08:52
db:	PACKETSTORM	id:	161909	date:	2021-03-22T15:29:43
db:	JVNDB	id:	JVNDB-2021-004361	date:	2021-11-18T00:00:00
db:	NVD	id:	CVE-2021-27363	date:	2021-03-07T04:15:13.330