CVE-2021-27365 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2021-27365

CVE-2021-27365

March 07, 2021

An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message.

Related Resources (13)

https://people.canonical.com/~ubuntu-security/cve/CVE-2021-27365

https://security.netapp.com/advisory/ntap-20210409-0001/

https://bugzilla.suse.com/show_bug.cgi?id=1182715

https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ec98ea7070e94cc25a422ec97d1421e28d97b7ee

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f9dbdf97a5bd92b1a49cee3d591b55b11fd7a6d5

https://access.redhat.com/security/cve/CVE-2021-27365

https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html

https://www.openwall.com/lists/oss-security/2021/03/06/1

https://www.oracle.com/security-alerts/cpuoct2021.html

https://blog.grimm-co.com/2021/03/new-old-bugs-in-linux-kernel.html