ID

VAR-202103-0920


CVE

CVE-2021-27363


TITLE

Linux kernel Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202103-523

DESCRIPTION

An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2021:1267-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:1267 Issue date: 2021-04-20 CVE Names: CVE-2020-14351 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 7.4) - noarch, x86_64 Red Hat Enterprise Linux Server E4S (v. 7.4) - noarch, ppc64le, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.4) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.4) - noarch, x86_64 3. Security Fix(es): * kernel: out-of-bounds read in libiscsi module (CVE-2021-27364) * kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365) * kernel: performance counters race condition use-after-free (CVE-2020-14351) * kernel: iscsi: unrestricted access to sessions and handles (CVE-2021-27363) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Enable CI and changelog for GitLab workflow (BZ#1930932) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1862849 - CVE-2020-14351 kernel: performance counters race condition use-after-free 1930078 - CVE-2021-27365 kernel: heap buffer overflow in the iSCSI subsystem 1930079 - CVE-2021-27363 kernel: iscsi: unrestricted access to sessions and handles 1930080 - CVE-2021-27364 kernel: out-of-bounds read in libiscsi module 6. Package List: Red Hat Enterprise Linux Server AUS (v. 7.4): Source: kernel-3.10.0-693.84.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-693.84.1.el7.noarch.rpm kernel-doc-3.10.0-693.84.1.el7.noarch.rpm x86_64: kernel-3.10.0-693.84.1.el7.x86_64.rpm kernel-debug-3.10.0-693.84.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-693.84.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.84.1.el7.x86_64.rpm kernel-devel-3.10.0-693.84.1.el7.x86_64.rpm kernel-headers-3.10.0-693.84.1.el7.x86_64.rpm kernel-tools-3.10.0-693.84.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-693.84.1.el7.x86_64.rpm perf-3.10.0-693.84.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm python-perf-3.10.0-693.84.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm Red Hat Enterprise Linux Server E4S (v. 7.4): Source: kernel-3.10.0-693.84.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-693.84.1.el7.noarch.rpm kernel-doc-3.10.0-693.84.1.el7.noarch.rpm ppc64le: kernel-3.10.0-693.84.1.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-693.84.1.el7.ppc64le.rpm kernel-debug-3.10.0-693.84.1.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-693.84.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-693.84.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-693.84.1.el7.ppc64le.rpm kernel-devel-3.10.0-693.84.1.el7.ppc64le.rpm kernel-headers-3.10.0-693.84.1.el7.ppc64le.rpm kernel-tools-3.10.0-693.84.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-693.84.1.el7.ppc64le.rpm kernel-tools-libs-3.10.0-693.84.1.el7.ppc64le.rpm perf-3.10.0-693.84.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-693.84.1.el7.ppc64le.rpm python-perf-3.10.0-693.84.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-693.84.1.el7.ppc64le.rpm x86_64: kernel-3.10.0-693.84.1.el7.x86_64.rpm kernel-debug-3.10.0-693.84.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-693.84.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.84.1.el7.x86_64.rpm kernel-devel-3.10.0-693.84.1.el7.x86_64.rpm kernel-headers-3.10.0-693.84.1.el7.x86_64.rpm kernel-tools-3.10.0-693.84.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-693.84.1.el7.x86_64.rpm perf-3.10.0-693.84.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm python-perf-3.10.0-693.84.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 7.4): Source: kernel-3.10.0-693.84.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-693.84.1.el7.noarch.rpm kernel-doc-3.10.0-693.84.1.el7.noarch.rpm x86_64: kernel-3.10.0-693.84.1.el7.x86_64.rpm kernel-debug-3.10.0-693.84.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-693.84.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.84.1.el7.x86_64.rpm kernel-devel-3.10.0-693.84.1.el7.x86_64.rpm kernel-headers-3.10.0-693.84.1.el7.x86_64.rpm kernel-tools-3.10.0-693.84.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-693.84.1.el7.x86_64.rpm perf-3.10.0-693.84.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm python-perf-3.10.0-693.84.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 7.4): x86_64: kernel-debug-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.84.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-693.84.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional E4S (v. 7.4): ppc64le: kernel-debug-debuginfo-3.10.0-693.84.1.el7.ppc64le.rpm kernel-debug-devel-3.10.0-693.84.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-693.84.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-693.84.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-693.84.1.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-693.84.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-693.84.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-693.84.1.el7.ppc64le.rpm x86_64: kernel-debug-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.84.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-693.84.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional TUS (v. 7.4): x86_64: kernel-debug-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.84.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-693.84.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.84.1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-14351 https://access.redhat.com/security/cve/CVE-2021-27363 https://access.redhat.com/security/cve/CVE-2021-27364 https://access.redhat.com/security/cve/CVE-2021-27365 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYH7PN9zjgjWX9erEAQj00Q//dwJUA3XoZ8Ferzd26sJ/DcX6mUEUBmHR ak7tX27vETn/72UdgkHJkB0XRqsn6yjQBdowxXQe7zdcmnPFemMlluDzwNnNw2ME FqLcIPgWI7qct32+csGDvOfUDz912A+Sc9XB2oekMpXgeMunfxz3FfmocZPVKcqh OJq9MTkjJcktHOKvwr40xnYKk/0cKUqcjqQxGZbYCr0RZ3u88vHd8JIDZqmBr+dk tYHIs5lIZ2jICescQf9nwQByB4jm8BX7WDqmdyvV8jrrRzVYhLyFZdDDo9nosDVK 4y++m9pLVqHtkojPscbn2+NBEDHJxUmtFn5JabSLb51Jog0tGu+QC5MEtfqc5jgH Cn/M47TR6OiB88i8FdQva40HWGsEQanZaLeNWRGEh+AaVZt0WD7zgzAbKghZ8iLY EypWscF8RYcEN27Q6DNcWwozLyfWGbH3Sex4OMsPL1jqtki0+6HD/ezI6HDmnHy0 4FuCbavgKBRuHHZXG7jX/rN6FHMg/7My4LSHk9fmj2PszaTyZZpFqz0mcBCMJzNX rbgPNtvbOpjv4sUn22LNNA77lOGw+cKwXIU0FKwDBXx+Ak7riGn2l6OpTReUa3qj Eck9dxJiZAzSNunG9HN8dBXUprcuo2WYJ4TV+KwxCLQbQbOkrnHD6bSHXRv70bxK HUMRmNWYCrM= =INXh -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Bug Fix(es): * Upstream Patch for Gracefully handle DMAR units with no supported address widthsx86/vt-d (BZ#1932201) * RHEL8.1 Alpha - ISST-LTE:PNV:Witherspoon-DD2.3:woo: KDUMP hang during shutdown, lpfc loses connection to disks (rootdisk:nvme) (BZ#1934306) 4. 8) - x86_64 3. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Bug Fix(es): * kernel-rt possible livelock: WARNING: CPU: 28 PID: 3109 at kernel/ptrace.c:242 ptrace_check_attach+0xdd/0x1a0 (BZ#1925308) * kernel-rt: update RT source tree to the RHEL-8.3.z3 source tree (BZ#1926369) 4. ========================================================================== Ubuntu Security Notice USN-4889-1 March 25, 2021 linux, linux-lts-xenial vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 ESM Summary: Several security issues were fixed in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-27365) Adam Nichols discovered that the iSCSI subsystem in the Linux kernel did not properly restrict access to iSCSI transport handles. A local attacker could use this to cause a denial of service or expose sensitive information (kernel pointer addresses). A local attacker could use this to cause a denial of service (system crash) or expose sensitive information (kernel memory). (CVE-2021-27364) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM: linux-image-3.13.0-185-generic 3.13.0-185.236 linux-image-3.13.0-185-generic-lpae 3.13.0-185.236 linux-image-3.13.0-185-lowlatency 3.13.0-185.236 linux-image-4.4.0-206-generic 4.4.0-206.238~14.04.1 linux-image-4.4.0-206-generic-lpae 4.4.0-206.238~14.04.1 linux-image-4.4.0-206-lowlatency 4.4.0-206.238~14.04.1 linux-image-generic 3.13.0.185.194 linux-image-generic-lpae 3.13.0.185.194 linux-image-generic-lpae-lts-xenial 4.4.0.206.179 linux-image-generic-lts-xenial 4.4.0.206.179 linux-image-generic-pae 3.13.0.185.194 linux-image-lowlatency 3.13.0.185.194 linux-image-lowlatency-lts-xenial 4.4.0.206.179 linux-image-lowlatency-pae 3.13.0.185.194 linux-image-server 3.13.0.185.194 linux-image-virtual 3.13.0.185.194 linux-image-virtual-lts-xenial 4.4.0.206.179 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Bug Fix(es): * race condition when creating child sockets from syncookies (BZ#1915529) * On System Z, a hash needs state randomized for entropy extraction (BZ#1915816) * scsi: target: core_tmr_abort_task() reporting multiple aborts for the same se_cmd->tag (BZ#1918354) * [mlx5] VF interface stats are not reflected in "ip -s link show" / "ifconfig <vf>" commands (BZ#1921060) * Win10 guest automatic reboot after migration in Win10 and WSL2 on Intel hosts (BZ#1923281) * [RHEL 8.3] Repeated messages - Unable to burst-read optrom segment (BZ#1924222) * Backport bug fix RDMA/umem: Prevent small pages from being returned by ib_umem_find_best_pgsz (BZ#1924691) * [Cisco 8.3] RHEL/Cent 8.2 fNIC driver needs a patch fix that addresses crash (BZ#1925186) * RHEL8.3 - The kernel misdetects zCX with z/VM (BZ#1925508) * Backport 22e4663e91 ("mm/slub: fix panic in slab_alloc_node()") (BZ#1925511) * SCTP "Address already in use" when no active endpoints from RHEL 8.2 onwards (BZ#1927521) * lpfc: Fix initial FLOGI failure due to BBSCN not supported (BZ#1927921) * [mm] mm, oom: remove oom_lock from oom_reaper (BZ#1929738) * Unexpected thread movement with AMD Milan compared to Rome (BZ#1929740) * rpmbuild cannot build the userspace RPMs in the kernel package when the kernel itself is not built (BZ#1929910) * [Regression] RHEL8.2 - ISST-LTE:pVM:diapvmlp83:sum:memory DLPAR fails to add memory on multiple trials[mm/memory_hotplug.c:1163] (mm-) (BZ#1930168) * Configuring the system with non-RT kernel will hang the system (BZ#1930735) * Upstream Patch for Gracefully handle DMAR units with no supported address widthsx86/vt-d (BZ#1932199) * gfs2: Deadlock between gfs2_{create_inode,inode_lookup} and delete_work_func (BZ#1937109) * Failing on tsx-ctrl when the flag doesn't change anything (BZ#1939013) Enhancement(s): * RFE: Backport all Audit enhancements and fixes up to version 5.10-rc1 (BZ#1907520) * RHEL8.4: Update the target driver (BZ#1918363) * [Mellanox 8.4 FEAT] mlx5: Hairpin Support in Switch Mode (BZ#1924689) 4

Trust: 1.62

sources: NVD: CVE-2021-27363 // VULHUB: VHN-386598 // PACKETSTORM: 162242 // PACKETSTORM: 162246 // PACKETSTORM: 162156 // PACKETSTORM: 162108 // PACKETSTORM: 162255 // PACKETSTORM: 161973 // PACKETSTORM: 162112

AFFECTED PRODUCTS

vendor:linuxmodel:kernelscope:lteversion:5.11.3

Trust: 1.0

vendor:netappmodel:solidfire baseboard management controllerscope:eqversion: -

Trust: 1.0

vendor:netappmodel:cloud backupscope:eqversion: -

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

sources: NVD: CVE-2021-27363

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-27363
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202103-523
value: MEDIUM

Trust: 0.6

VULHUB: VHN-386598
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2021-27363
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-386598
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-27363
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 1.8
impactScore: 2.5
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-386598 // CNNVD: CNNVD-202103-523 // NVD: CVE-2021-27363

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2021-27363

THREAT TYPE

local

Trust: 0.7

sources: PACKETSTORM: 161973 // CNNVD: CNNVD-202103-523

TYPE

overflow

Trust: 0.6

sources: PACKETSTORM: 162242 // PACKETSTORM: 162246 // PACKETSTORM: 162156 // PACKETSTORM: 162108 // PACKETSTORM: 162255 // PACKETSTORM: 162112

EXTERNAL IDS

db:NVDid:CVE-2021-27363

Trust: 2.4

db:PACKETSTORMid:162117

Trust: 1.7

db:OPENWALLid:OSS-SECURITY/2021/03/06/1

Trust: 1.7

db:PACKETSTORMid:162108

Trust: 0.8

db:PACKETSTORMid:162242

Trust: 0.8

db:PACKETSTORMid:161952

Trust: 0.7

db:PACKETSTORMid:162341

Trust: 0.7

db:PACKETSTORMid:162478

Trust: 0.7

db:PACKETSTORMid:162095

Trust: 0.7

db:PACKETSTORMid:162528

Trust: 0.7

db:PACKETSTORMid:162151

Trust: 0.7

db:PACKETSTORMid:161909

Trust: 0.7

db:PACKETSTORMid:162383

Trust: 0.7

db:PACKETSTORMid:162337

Trust: 0.7

db:CNNVDid:CNNVD-202103-523

Trust: 0.7

db:AUSCERTid:ESB-2021.1589

Trust: 0.6

db:AUSCERTid:ESB-2021.1694

Trust: 0.6

db:AUSCERTid:ESB-2021.1655

Trust: 0.6

db:AUSCERTid:ESB-2021.0837

Trust: 0.6

db:AUSCERTid:ESB-2021.1406

Trust: 0.6

db:AUSCERTid:ESB-2021.1339

Trust: 0.6

db:AUSCERTid:ESB-2021.1224

Trust: 0.6

db:AUSCERTid:ESB-2021.1307

Trust: 0.6

db:AUSCERTid:ESB-2021.1184

Trust: 0.6

db:AUSCERTid:ESB-2021.1002

Trust: 0.6

db:AUSCERTid:ESB-2021.2589

Trust: 0.6

db:AUSCERTid:ESB-2022.3346

Trust: 0.6

db:AUSCERTid:ESB-2021.1558

Trust: 0.6

db:AUSCERTid:ESB-2021.1299

Trust: 0.6

db:AUSCERTid:ESB-2021.1635

Trust: 0.6

db:AUSCERTid:ESB-2021.2136

Trust: 0.6

db:AUSCERTid:ESB-2021.1445

Trust: 0.6

db:AUSCERTid:ESB-2021.0981

Trust: 0.6

db:AUSCERTid:ESB-2021.1212

Trust: 0.6

db:AUSCERTid:ESB-2021.1151

Trust: 0.6

db:AUSCERTid:ESB-2021.1669

Trust: 0.6

db:AUSCERTid:ESB-2021.2781

Trust: 0.6

db:AUSCERTid:ESB-2021.1101

Trust: 0.6

db:CS-HELPid:SB2021051001

Trust: 0.6

db:CS-HELPid:SB2021042828

Trust: 0.6

db:CS-HELPid:SB2021050609

Trust: 0.6

db:CS-HELPid:SB2021041608

Trust: 0.6

db:CS-HELPid:SB2021041223

Trust: 0.6

db:CS-HELPid:SB2021051317

Trust: 0.6

db:CS-HELPid:SB2021042136

Trust: 0.6

db:PACKETSTORMid:162246

Trust: 0.2

db:PACKETSTORMid:162156

Trust: 0.2

db:PACKETSTORMid:161973

Trust: 0.2

db:PACKETSTORMid:162255

Trust: 0.2

db:PACKETSTORMid:162112

Trust: 0.2

db:PACKETSTORMid:162115

Trust: 0.1

db:PACKETSTORMid:162247

Trust: 0.1

db:PACKETSTORMid:162098

Trust: 0.1

db:PACKETSTORMid:162346

Trust: 0.1

db:VULHUBid:VHN-386598

Trust: 0.1

sources: VULHUB: VHN-386598 // PACKETSTORM: 162242 // PACKETSTORM: 162246 // PACKETSTORM: 162156 // PACKETSTORM: 162108 // PACKETSTORM: 162255 // PACKETSTORM: 161973 // PACKETSTORM: 162112 // CNNVD: CNNVD-202103-523 // NVD: CVE-2021-27363

REFERENCES

url:https://security.netapp.com/advisory/ntap-20210409-0001/

Trust: 1.7

url:http://packetstormsecurity.com/files/162117/kernel-live-patch-security-notice-lsn-0075-1.html

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2021/03/06/1

Trust: 1.7

url:https://blog.grimm-co.com/2021/03/new-old-bugs-in-linux-kernel.html

Trust: 1.7

url:https://bugzilla.suse.com/show_bug.cgi?id=1182716

Trust: 1.7

url:https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=688e8128b7a92df982709a4137ea4588d16f24aa

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-27363

Trust: 1.3

url:https://access.redhat.com/security/cve/cve-2021-27363

Trust: 1.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-27364

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-27365

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2021-27364

Trust: 0.6

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.6

url:https://bugzilla.redhat.com/):

Trust: 0.6

url:https://access.redhat.com/security/team/key/

Trust: 0.6

url:https://access.redhat.com/articles/11258

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-27365

Trust: 0.6

url:https://access.redhat.com/security/team/contact/

Trust: 0.6

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0837

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021051001

Trust: 0.6

url:https://packetstormsecurity.com/files/162095/red-hat-security-advisory-2021-1070-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1589

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1445

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1307

Trust: 0.6

url:https://packetstormsecurity.com/files/162242/red-hat-security-advisory-2021-1267-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1406

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021042828

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1669

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2781

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1151

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0981

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1212

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021041223

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021042136

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1299

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1694

Trust: 0.6

url:https://packetstormsecurity.com/files/161952/ubuntu-security-notice-usn-4887-1.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021051317

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.3346

Trust: 0.6

url:https://packetstormsecurity.com/files/161909/ubuntu-security-notice-usn-4883-1.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021050609

Trust: 0.6

url:https://packetstormsecurity.com/files/162341/red-hat-security-advisory-2021-1373-01.html

Trust: 0.6

url:https://vigilance.fr/vulnerability/linux-kernel-read-write-access-via-iscsi-show-transport-handle-34762

Trust: 0.6

url:https://packetstormsecurity.com/files/162108/red-hat-security-advisory-2021-1081-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-risk-manager-is-affected-by-multiple-vulnerabilities-4/

Trust: 0.6

url:https://packetstormsecurity.com/files/162151/red-hat-security-advisory-2021-1168-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/162478/red-hat-security-advisory-2021-1429-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021041608

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1558

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1635

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1655

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2589

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1339

Trust: 0.6

url:https://packetstormsecurity.com/files/162337/red-hat-security-advisory-2021-1369-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1184

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1224

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2136

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6525030

Trust: 0.6

url:https://packetstormsecurity.com/files/162528/red-hat-security-advisory-2021-1531-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1002

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1101

Trust: 0.6

url:https://packetstormsecurity.com/files/162383/red-hat-security-advisory-2021-1448-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-network-packet-capture-is-vulnerable-to-using-components-with-known-vulnerabilities-2/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-3347

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-3347

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-28374

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-26708

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-0466

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-27152

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-27152

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-0466

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-28374

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-26708

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-14351

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14351

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:1267

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:1279

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:1171

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:1081

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:1289

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-4889-1

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:1093

Trust: 0.1

sources: VULHUB: VHN-386598 // PACKETSTORM: 162242 // PACKETSTORM: 162246 // PACKETSTORM: 162156 // PACKETSTORM: 162108 // PACKETSTORM: 162255 // PACKETSTORM: 161973 // PACKETSTORM: 162112 // CNNVD: CNNVD-202103-523 // NVD: CVE-2021-27363

CREDITS

Red Hat

Trust: 1.2

sources: PACKETSTORM: 162242 // PACKETSTORM: 162246 // PACKETSTORM: 162156 // PACKETSTORM: 162108 // PACKETSTORM: 162255 // PACKETSTORM: 162112 // CNNVD: CNNVD-202103-523

SOURCES

db:VULHUBid:VHN-386598
db:PACKETSTORMid:162242
db:PACKETSTORMid:162246
db:PACKETSTORMid:162156
db:PACKETSTORMid:162108
db:PACKETSTORMid:162255
db:PACKETSTORMid:161973
db:PACKETSTORMid:162112
db:CNNVDid:CNNVD-202103-523
db:NVDid:CVE-2021-27363

LAST UPDATE DATE

2026-07-10T22:09:35.764000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-386598date:2022-05-23T00:00:00
db:CNNVDid:CNNVD-202103-523date:2022-07-11T00:00:00
db:NVDid:CVE-2021-27363date:2026-06-17T03:44:42.647

SOURCES RELEASE DATE

db:VULHUBid:VHN-386598date:2021-03-07T00:00:00
db:PACKETSTORMid:162242date:2021-04-20T16:13:12
db:PACKETSTORMid:162246date:2021-04-20T16:17:42
db:PACKETSTORMid:162156date:2021-04-13T15:49:34
db:PACKETSTORMid:162108date:2021-04-07T20:04:40
db:PACKETSTORMid:162255date:2021-04-20T16:32:38
db:PACKETSTORMid:161973date:2021-03-25T14:09:02
db:PACKETSTORMid:162112date:2021-04-07T20:08:52
db:CNNVDid:CNNVD-202103-523date:2021-03-05T00:00:00
db:NVDid:CVE-2021-27363date:2021-03-07T04:15:13.330