CVE-2021-27364 - log back

CVE-2021-27364 edited at 07 Mar 2021 12:40:55
Description
- An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages.
+ An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages. The issue is fixed in kernel versions 5.11.4 and 5.10.21.
References
https://www.openwall.com/lists/oss-security/2021/03/06/1
https://bugzilla.suse.com/show_bug.cgi?id=1182717
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=688e8128b7a92df982709a4137ea4588d16f24aa
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.11.4&id=3ada197fece73a5cab673427b960546b09bbef31
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.21&id=c71edc5d2480774ec2fec62bb84064aed6d582bd
CVE-2021-27364 edited at 07 Mar 2021 11:52:45
Description
- A security issue was found in the Linux kernel. This vulnerability allows any user to connect to the iscsi NETLINK socket and send commands to the kernel, such as "end a session".
+ An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages.
CVE-2021-27364 edited at 06 Mar 2021 09:22:03
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Insufficient validation
Description
+ A security issue was found in the Linux kernel. This vulnerability allows any user to connect to the iscsi NETLINK socket and send commands to the kernel, such as "end a session".
References
+ https://www.openwall.com/lists/oss-security/2021/03/06/1
+ https://bugzilla.suse.com/show_bug.cgi?id=1182717
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=688e8128b7a92df982709a4137ea4588d16f24aa
Notes
CVE-2021-27364 created at 06 Mar 2021 09:18:12