computer Security

15 Years Old Linux Bug Let Attackers Gain Admin Privileges

Three bugs found in the mainline Linux kernel turned out to be about 15 years old. One of these bugs turned out to be useable as a Local Privilege Escalation (LPE) in multiple Linux environments.

GRIMM researchers revealed the bugs 15 years after they were introduced in 2006 during the initial development stages of the iSCSI kernel subsystem.

What is SCSI?

SCSI (Small Computer System Interface) data transport, is a standard for transferring data made for connecting computers with peripheral devices, originally via a physical cable, like hard drives.

 SCSI is a venerable standard originally published in 1986 and was the go-to for server setups, and iSCSI is SCSI over TCP.

The Linux Kernal Bugs

According to GRIMM security researcher Adam Nichols, “The flaws affect all Linux distributions, but luckily, the vulnerable scsi_transport_iscsi kernel module is not loaded by default.”

  • The first vulnerability is a heap buffer overflow in the iSCSI subsystem –(CVE-2021-27365)
    Affected Versions: Tested on RHEL 8.1, 8.2, and 8.3
    Impact: LPE, Information Leak, Denial of Service (DoS)
  • GRIMM discovered a kernel pointer leak that can be used to determine the address of the iscsi_transport structure. (CVE-2021-27363)
    Affected Versions: Tested on RHEL 8.1, 8.2, and 8.3
    Impact: Information Leak
  • The final vulnerability is an out-of-bounds kernel read (CVE-2021-27364)
    Affected Versions: Tested on RHEL 8.1, 8.2, and 8.3
    Impact: Information Leak, DoS


Due to the non-deterministic nature of heap overflows, the first vulnerability could be used as an unreliable, local DoS. Though, when combined with an information leak, this vulnerability can be further exploited as an LPE that allows an attacker to escalate from an unprivileged user account to root.

A separate information leak is not necessary, though, since this vulnerability can be used to leak kernel memory as well. The second vulnerability (kernel pointer leak) is less impactful and could only serve as a potential information leak. Similarly, the third vulnerability (out-of-bounds read) is also limited to functioning as a potential information leak or even an unreliable local DoS.

Impact Flowchart

“On CentOS 8, RHEL 8, and Fedora systems, unprivileged users can automatically load the required modules if the rdma-core package is installed,” Nichols added.

“On Debian and Ubuntu systems, the rdma-core package will only automatically load the two required kernel modules if the RDMA hardware is available. As such, the vulnerability is much more limited in scope.”

Fixes Available

All three vulnerabilities are patched as of 5.11.4, 5.10.21, 5.4.103, 4.19.179, 4.14.224, 4.9.260, and 4.4.260, and patches became available in the mainline Linux kernel on March 7th. No patches will be released for EOL unsupported kernels versions like 3.x and 2.6.23.

If you have already installed one of the Linux kernel versions, your device can’t be compromised in attacks exploiting these bugs.

If you haven’t patched your system, you can use the above diagram to find if your device is vulnerable to exploitation attempts.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Also Read

Linux SUDO Flaw Lets Local Users Gain Root Privileges

What is the Linux Firewall? How to Enable Packet Filtering With Open Source Iptables Firewall?


Gurubaran is a Security Consultant, Security Editor & Co-Founder of Cyber Security News & GBHackers On Security.

Recent Posts

GoTitan Botnet Actively Exploiting Apache ActiveMQ Vulnerability

Attackers are exploiting the recently discovered critical security vulnerability tracked as (CVE-2023-46604) affecting Apache ActiveMQ…

16 hours ago

Cybercriminals are Showing Hesitation to Utilize AI When Executing Cyber Attacks

Media reports highlight the sale of LLMs like WormGPT and FraudGPT on underground forums. Fears…

16 hours ago

Vigil: Open-source Security Scanner for LLM Models Like ChatGPT

An open-source security scanner, developed by Git Hub user Adam Swanda, was released to explore…

17 hours ago

Slovenia’s Biggest Power Provider has Suffered a Cyberattack

One of Slovenia's major power providers, HSE, has recently fallen victim to a significant cyberattack.…

17 hours ago

Genesis Market Technique: Hackers Exploited Node.js and EV Certificates

In the labyrinthine landscape of cyber threats, the Trend Micro Managed XDR team has uncovered…

20 hours ago

Design Flaw in Domain-Wide Delegation Could Leave Google Workspace Vulnerable to Takeover – Hunters

BOSTON, MASS. and TEL AVIV, ISRAEL, November 28, 2023 - A severe design flaw in…

2 days ago