The new Linux kernel security update comes just three weeks after the previous one, which patched 11 flaws, to address three vulnerabilities affecting the Linux 3.10 kernel used in all supported Red Hat Enterprise Linux 7 and CentOS Linux 7 operating system series.
Two of these vulnerabilities are marked by the Red Hat Product Security team as “Important.” These include CVE-2021-27365, a heap buffer overflow discovered in Linux kernel’s iSCSI subsystem that could allow a local, unprivileged user to cause a denial of service (system crash) or possibly execute arbitrary code, and CVE-2021-27364, an out-of-bounds read flaw discovered in the libiscsi module that could lead to reading kernel memory or a crash.