cve/2021/CVE-2021-27363.md

CVE-2021-27363

Description

An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables.

POC

Reference

• http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html
• https://blog.grimm-co.com/2021/03/new-old-bugs-in-linux-kernel.html
• https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=688e8128b7a92df982709a4137ea4588d16f24aa

Github

• https://github.com/ARPSyndicate/cvemon
• https://github.com/aaronxie55/Presentation2_Markdown
• https://github.com/bollwarm/SecToolSet
• https://github.com/c4pt000/kernel-5.11.6-expSEHDsec-HAXM-cgroup-virtio-nvidia-amd-kaliwifi
• https://github.com/c4pt000/kernel-6.6.0-expSEHDsec-HAXM-cgroup-virtio-nvidia-amd-kaliwifi
• https://github.com/kdn111/linux-kernel-exploitation
• https://github.com/khanhdn111/linux-kernel-exploitation
• https://github.com/khanhdz-06/linux-kernel-exploitation
• https://github.com/khanhdz191/linux-kernel-exploitation
• https://github.com/khanhhdz/linux-kernel-exploitation
• https://github.com/khanhhdz06/linux-kernel-exploitation
• https://github.com/khanhnd123/linux-kernel-exploitation
• https://github.com/knd06/linux-kernel-exploitation
• https://github.com/ndk191/linux-kernel-exploitation
• https://github.com/ssr-111/linux-kernel-exploitation
• https://github.com/teresaweber685/book_list
• https://github.com/wkhnh06/linux-kernel-exploitation
• https://github.com/xairy/linux-kernel-exploitation