A trio of security holes CVE-2021-27365, CVE-2021-27363, and CVE-2021-27364 was found by security company GRIMM researchers in an almost forgotten corner of the mainline Linux kernel. The first two of these have a Common Vulnerability Scoring System (CVSS) score above 7, which is high. While you may not have had a SCSI or iSCSI drive in ages, these 15 years old bugs are still around. One of them could be used in a Local Privilege Escalation (LPE) attack. In other words, a normal user could use them to become the root user.
Don t let the word local fool you. As Adam Nichols, Principal of Software Security at GRIMM, said: These issues make the impact of any remotely exploitable vulnerability more severe. Enterprises running publicly facing servers would be at the most risk.