CVE-2021-27363
Public on 2021-03-07
Modified on 2021-03-19
Description
A flaw was found in the way access to sessions and handles was handled in the iSCSI driver in the Linux kernel. A local user could use this flaw to leak iSCSI transport handle kernel address or end arbitrary iSCSI connections on the system.
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | kernel | 2021-03-18 | ALAS-2021-1487 | Fixed |
| Amazon Linux 2 - Core | kernel | 2021-03-18 | ALAS2-2021-1616 | Fixed |
| Amazon Linux 2 - Kernel-5.4 Extra | kernel | 2022-01-11 | ALAS2KERNEL-5.4-2022-001 | Fixed |
| Amazon Linux 2 - Livepatch Extra | kernel-livepatch-4.14.214-160.339 | 2021-03-24 | ALAS2LIVEPATCH-2021-042 | Fixed |
| Amazon Linux 2 - Livepatch Extra | kernel-livepatch-4.14.219-161.340 | 2021-03-24 | ALAS2LIVEPATCH-2021-043 | Fixed |
| Amazon Linux 2 - Livepatch Extra | kernel-livepatch-4.14.219-164.354 | 2021-03-24 | ALAS2LIVEPATCH-2021-044 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 4.4 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L |
| NVD | CVSSv2 | 3.6 | AV:L/AC:L/Au:N/C:P/I:N/A:P |
| NVD | CVSSv3 | 4.4 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L |