Updated: 2024-11-24 04:54:54.244513
Description:
An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message.
Links | NIST | CIRCL | RHEL | Ubuntu |
Severity | Score | |
---|---|---|
CVSS Version 2.x | MEDIUM | 4.6 |
CVSS Version 3.x | HIGH | 7.8 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
---|---|---|---|---|---|---|---|---|
CentOS 6 ELS | kernel | 2.6.32 | 7.8 | HIGH | Released | CLSA-2021:1632261664 | 2022-05-05 12:00:43 | |
CentOS 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Not Vulnerable | 2023-11-01 21:37:05 | ||
CentOS 8.4 ELS | kernel | 4.18.0 | 7.8 | HIGH | Already Fixed | 2023-11-15 10:25:15 | ||
CentOS 8.5 ELS | kernel | 4.18.0 | 7.8 | HIGH | Already Fixed | 2023-11-22 08:59:45 | ||
CloudLinux 6 ELS | kernel | 2.6.32 | 7.8 | HIGH | Released | 2023-05-29 14:15:18 | ||
Oracle Linux 6 ELS | kernel | 2.6.32 | 7.8 | HIGH | Released | CLSA-2021:1634922728 | 2021-12-10 16:40:21 | |
Ubuntu 16.04 ELS | linux-hwe | 4.15.0 | 7.8 | HIGH | Already Fixed | 2022-09-28 05:02:36 | ||
Ubuntu 16.04 ELS | linux | 4.4.0 | 7.8 | HIGH | Not Vulnerable | 2021-12-10 16:40:21 | ||
Ubuntu 18.04 ELS | linux | 4.15.0 | 7.8 | HIGH | Already Fixed | 2023-06-02 09:10:25 |