CVE-2021-31949 is a security vulnerability that was discovered in May 2021. The flaw exists in the Linux kernel, specifically in the iSCSI subsystem, and could allow an attacker to execute arbitrary code with elevated privileges. This vulnerability affects systems running the Linux kernel version 5.4 or later.
The vulnerability was caused by an integer overflow issue in the iSCSI subsystem's handling of input/output control (IOCTL) messages. An attacker who can send specially crafted IOCTL messages to a vulnerable system could trigger the flaw and potentially execute malicious code. The flaw was rated as high severity and given a CVSS score of 7.8 out of 10.
Fortunately, a patch for this vulnerability was released on May 19, 2021, which addressed the issue by adding additional bounds checking to the affected code. It is recommended that anyone running a vulnerable version of the Linux kernel apply the patch as soon as possible to protect against potential exploitation of this flaw.