QwikSec

Security Database

CVE

CWE

Training

CVE-2021-27363

Published: Mar 7, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.openwall.com/lists/oss-security/2021/03/06/1

x_refsource_MISC

https://bugzilla.suse.com/show_bug.cgi?id=1182716

x_refsource_MISC

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=688e8128b7a92df982709a4137ea4588d16f24aa

x_refsource_MISC

[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update

mailing-list

x_refsource_MLIST

https://blog.grimm-co.com/2021/03/new-old-bugs-in-linux-kernel.html

x_refsource_MISC

[debian-lts-announce] 20210330 [SECURITY] [DLA 2610-1] linux-4.19 security update

mailing-list

x_refsource_MLIST

http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html

x_refsource_MISC

https://security.netapp.com/advisory/ntap-20210409-0001/

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.