Vulnerabilities > CVE-2021-27365 - Out-of-bounds Write vulnerability in multiple products

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH

Summary

An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message.

Vulnerable Configurations

Part Description Count
OS
Linux
4871
OS
Debian
1
OS
Netapp
1
Application
Oracle
2
Hardware
Netapp
1

Common Weakness Enumeration (CWE)

References