CVE-2021-27363
kernel: iscsi: unrestricted access to sessions and handles
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables.
Se detectó un problema en el kernel de Linux versiones hasta 5.11.3. Se puede usar un filtrado del puntero del kernel para determinar la dirección de la estructura iscsi_transport. Cuando se registra un transporte iSCSI con el subsistema iSCSI, el handle de transporte está disponible para usuarios sin privilegios por medio del sistema de archivos sysfs, en /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. Cuando se lee, se llama a la función show_transport_handle (en el archivo drivers/scsi/scsi_transport_iscsi.c), que filtra el handle. Este handle es en realidad el puntero a una estructura iscsi_transport en las variables globales del módulo del kernel
A flaw was found in the way access to sessions and handles was handled in the iSCSI driver in the Linux kernel. A local user could use this flaw to leak iSCSI transport handle kernel address or end arbitrary iSCSI connections on the system.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-02-17 CVE Reserved
- 2021-03-07 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html | Third Party Advisory |
|
| https://bugzilla.suse.com/show_bug.cgi?id=1182716 | Issue Tracking | |
| https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20210409-0001 | Third Party Advisory |
|
| URL | Date | SRC |
|---|---|---|
| https://blog.grimm-co.com/2021/03/new-old-bugs-in-linux-kernel.html | 2024-08-03 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2021-27363 | 2021-05-11 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1930079 | 2021-05-11 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | <= 5.11.3 Search vendor "Linux" for product "Linux Kernel" and version " <= 5.11.3" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Cloud Backup Search vendor "Netapp" for product "Cloud Backup" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Solidfire Baseboard Management Controller Firmware Search vendor "Netapp" for product "Solidfire Baseboard Management Controller Firmware" | - | - |
Affected
| ||||||