What is the severity of CVE-2021-27365?

The severity of CVE-2021-27365 is high.

How can a local attacker exploit CVE-2021-27365?

A local attacker can exploit CVE-2021-27365 by causing a denial of service (system crash) or possibly executing arbitrary code through heap overflows in the iSCSI subsystem in the Linux kernel.

What is the remedy for CVE-2021-27365 in Ubuntu 12.04 Trusty HWE?

The remedy for CVE-2021-27365 in Ubuntu 12.04 Trusty HWE is to update the package 'linux-image-3.13.0-185-generic' to version 3.13.0-185.236~12.04.1.

What other vulnerabilities are addressed in the same update as CVE-2021-27365?

The same update also addresses CVE-2021-27363 and CVE-2021-27364.

Where can I find more information about CVE-2021-27365?

You can find more information about CVE-2021-27365 on the Ubuntu Security website: [link](https://ubuntu.com/security/CVE-2021-27365).

Vulnerability/
USN-4901-1

6/4/2021

USN-4901-1: Linux kernel (Trusty HWE) vulnerabilities

First published: Tue Apr 06 2021(Updated: )

Adam Nichols discovered that heap overflows existed in the iSCSI subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-27365) It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data. (CVE-2020-28374) Adam Nichols discovered that the iSCSI subsystem in the Linux kernel did not properly restrict access to iSCSI transport handles. A local attacker could use this to cause a denial of service or expose sensitive information (kernel pointer addresses). (CVE-2021-27363) Adam Nichols discovered that an out-of-bounds read existed in the iSCSI subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information (kernel memory). (CVE-2021-27364)

Affected Software	Affected Version	How to fix
All of
ubuntu/linux-image-3.13.0-185-generic	<3.13.0-185.236~12.04.1	3.13.0-185.236~12.04.1
	=12.04
All of
ubuntu/linux-image-generic-lts-trusty	<3.13.0.185.170	3.13.0.185.170
	=12.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the severity of CVE-2021-27365?
The severity of CVE-2021-27365 is high.
How can a local attacker exploit CVE-2021-27365?
A local attacker can exploit CVE-2021-27365 by causing a denial of service (system crash) or possibly executing arbitrary code through heap overflows in the iSCSI subsystem in the Linux kernel.
What is the remedy for CVE-2021-27365 in Ubuntu 12.04 Trusty HWE?
The remedy for CVE-2021-27365 in Ubuntu 12.04 Trusty HWE is to update the package 'linux-image-3.13.0-185-generic' to version 3.13.0-185.236~12.04.1.
What other vulnerabilities are addressed in the same update as CVE-2021-27365?
The same update also addresses CVE-2021-27363 and CVE-2021-27364.
Where can I find more information about CVE-2021-27365?
You can find more information about CVE-2021-27365 on the Ubuntu Security website: [link](https://ubuntu.com/security/CVE-2021-27365).

agent/severity
agent/references
agent/type
agent/first-publish-date
agent/last-modified-date
agent/softwarecombine
collector/usn
source/Ubuntu
anchor-related/USN-4883-1
anchor-related/USN-4887-1
anchor-related/USN-4889-1
anchor-related/USN-4694-1
anchor-related/USN-4709-1
anchor-related/USN-4711-1
anchor-related/USN-4713-1
anchor-related/USN-4713-2
anchor-related/USN-4753-1
agent/software-canonical-lookup
agent/title
agent/tags
agent/description
agent/event
agent/trending
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu ubuntu
version/ubuntu ubuntu/12.04