Ubuntu.com (ubuntucve) UB:CVE-2021-27364
Mar 07, 2021 - 12:00 a.m.

CVE-2021-27364

CVSS3: 7.1 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CVSS2: 3.6 Low
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P

EPSS: 0.001 Low
Percentile: 38.0%

An issue was discovered in the Linux kernel through 5.11.3.
drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of
an unprivileged user to craft Netlink messages.

Notes

Author: sbeattie
Note: Reading the discoverer's article, it looks like the CVE was assigned for the out-of-bounds read vulnerability addressed by f9dbdf97a5bd92b1a49cee3d591b55b11fd7a6d5, not 688e8128b7a92d as described by Marcus in his oss-security posting. However, the 688e8128b7a92d commit requiring CAP_SYS_ADMIN for netlink access also mitigates the vulnerability.