Exploitation Summary
EIP tracks 1 public exploit for CVE-2021-27365. PoCs published by Iweisc.
Description
An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message.
References (10)
Core References
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuoct2021.html
Mailing List, Third Party Advisory x_refsource_misc
https://www.openwall.com/lists/oss-security/2021/03/06/1
Exploit, Third Party Advisory x_refsource_misc
https://blog.grimm-co.com/2021/03/new-old-bugs-in-linux-kernel.html
Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20210409-0001/
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.suse.com/show_bug.cgi?id=1182715
Mailing List, Patch, Vendor Advisory x_refsource_misc
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ec98ea7070e94cc25a422ec97d1421e28d97b7ee
Mailing List, Patch, Vendor Advisory x_refsource_misc
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f9dbdf97a5bd92b1a49cee3d591b55b11fd7a6d5
Scores
CVSS v3: 7.8
EPSS: 0.0208
EPSS Percentile: 79.2%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-787
Status: published
Products (4)
debian/debian_linux: 9.0
linux/linux_kernel: < 5.11.3
netapp/solidfire_baseboard_management_controller_firmware
oracle/tekelec_platform_distribution: 7.4.0 - 7.7.1
Published: Mar 07, 2021
Tracked Since: Feb 18, 2026