Login Sign Up

CVE-2021-27364

7.1 HIGH
Denial of Service

📋 TL;DR

CVE-2021-27364 is a Linux kernel vulnerability in the iSCSI subsystem that allows unprivileged local users to cause a denial of service or potentially escalate privileges by sending specially crafted Netlink messages. It affects Linux systems with kernel versions up to 5.11.3. The vulnerability requires local access to the system.

💻 Affected Systems

Products:
  • Linux kernel
Versions: All versions through 5.11.3
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires iSCSI subsystem to be present (common in server environments).

📦 What is this software?

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Solidfire Baseboard Management Controller Firmware by Netapp

View all CVEs affecting Solidfire Baseboard Management Controller Firmware →

Tekelec Platform Distribution by Oracle

View all CVEs affecting Tekelec Platform Distribution →

Ubuntu Linux by Canonical

View all CVEs affecting Ubuntu Linux →

Ubuntu Linux by Canonical

View all CVEs affecting Ubuntu Linux →

Ubuntu Linux by Canonical

View all CVEs affecting Ubuntu Linux →

Ubuntu Linux by Canonical

View all CVEs affecting Ubuntu Linux →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation to root, complete system compromise, or kernel panic causing system crash.

🟠

Likely Case

Denial of service through kernel panic or system instability.

🟢

If Mitigated

Limited impact if proper access controls prevent unprivileged users from accessing the system.

🌐 Internet-Facing: LOW - Requires local access, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local users or compromised accounts could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploit requires local access and knowledge of Netlink message crafting. Proof-of-concept code has been published.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel 5.11.4 and later

Vendor Advisory: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=688e8128b7a92df982709a4137ea4588d16f24aa

Restart Required: Yes

Instructions:

1. Update Linux kernel to version 5.11.4 or later. 2. Apply vendor-specific patches for older kernels. 3. Reboot system to load patched kernel.

🔧 Temporary Workarounds

Restrict Netlink access

linux

Use kernel capabilities or SELinux/AppArmor to restrict unprivileged users from accessing Netlink sockets

echo 'kernel.dmesg_restrict = 1' >> /etc/sysctl.conf
sysctl -p

Disable iSCSI module

linux

Remove or blacklist the iSCSI kernel module if not needed

echo 'blacklist scsi_transport_iscsi' >> /etc/modprobe.d/blacklist.conf
rmmod scsi_transport_iscsi

🧯 If You Can't Patch

  • Implement strict access controls to prevent unprivileged users from accessing the system
  • Use kernel live patching solutions if available for your distribution

🔍 How to Verify

Check if Vulnerable:

Check kernel version: uname -r. If version is 5.11.3 or earlier, system is vulnerable.

Check Version:

uname -r

Verify Fix Applied:

After patching, verify kernel version is 5.11.4 or later with uname -r

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages in /var/log/kern.log or dmesg
  • Unexpected iSCSI-related errors

Network Indicators:

  • None - this is a local exploit

SIEM Query:

source="kern.log" AND "kernel panic" OR "Oops" AND "iscsi"

📊 Metadata

CVE ID: CVE-2021-27364
CVSS v3 Score: 7.1 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE: CWE-125
Published: March 7, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-27364, you might also want to check these:

CVE-2021-41556 10.0

CVE-2021-41556 is a critical out-of-bounds read vulnerability in Squirrel scripting language that al...

Same vulnerability type (CWE-125)
CVE-2024-22004 10.0

This vulnerability allows attackers with privileged access on Linux non-secure operating systems to ...

Same vulnerability type (CWE-125)
CVE-2021-21777 10.0

CVE-2021-21777 is a critical out-of-bounds read vulnerability in the Ethernet/IP UDP handler of OpEN...

Same vulnerability type (CWE-125)