An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message.
History
10 Dec 2021, 18:13
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20210409-0001/ - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html - Mailing List, Third Party Advisory | |
References | (MISC) http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html - Third Party Advisory, VDB Entry | |
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - Patch, Third Party Advisory | |
CPE | cpe:2.3:a:oracle:tekelec_platform_distribution:*:*:*:*:*:*:*:* cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:* |
20 Oct 2021, 11:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2021-03-07 05:15
Updated : 2024-02-04 21:23
NVD link : CVE-2021-27365
Mitre link : CVE-2021-27365
CVE.ORG link : CVE-2021-27365
Products Affected
oracle
- tekelec_platform_distribution
netapp
- solidfire_baseboard_management_controller_firmware
- solidfire_baseboard_management_controller
debian
- debian_linux
linux
- linux_kernel
CWE
CWE-787
Out-of-bounds Write