CVE-2021-27365

Updated: 2024-11-24 04:54:54.244513

Description:

An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x MEDIUM 4.6
CVSS Version 3.x HIGH 7.8

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

CentOS 6 ELS kernel 2.6.32 7.8 HIGH Released CLSA-2021:1632261664 2022-05-05 12:00:43
CentOS 7 ELS kernel 3.10.0 7.8 HIGH Not Vulnerable 2023-11-01 21:37:05
CentOS 8.4 ELS kernel 4.18.0 7.8 HIGH Already Fixed 2023-11-15 10:25:15
CentOS 8.5 ELS kernel 4.18.0 7.8 HIGH Already Fixed 2023-11-22 08:59:45
CloudLinux 6 ELS kernel 2.6.32 7.8 HIGH Released 2023-05-29 14:15:18
Oracle Linux 6 ELS kernel 2.6.32 7.8 HIGH Released CLSA-2021:1634922728 2021-12-10 16:40:21
Ubuntu 16.04 ELS linux-hwe 4.15.0 7.8 HIGH Already Fixed 2022-09-28 05:02:36
Ubuntu 16.04 ELS linux 4.4.0 7.8 HIGH Not Vulnerable 2021-12-10 16:40:21
Ubuntu 18.04 ELS linux 4.15.0 7.8 HIGH Already Fixed 2023-06-02 09:10:25