CVE-2011-4127

Published: Jul 3, 2012

Modified: Aug 7, 2024

PUBLISHED

Description

The Linux kernel before 3.2.2 does not properly restrict SG_IO ioctl calls, which allows local users to bypass intended restrictions on disk read and write operations by sending a SCSI command to (1) a partition block device or (2) an LVM volume.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20111222 CVE-2011-4127 kernel: possible privilege escalation via SG_IO ioctl

mailing-list

x_refsource_MLIST

SUSE-SU-2012:0554

vendor-advisory

x_refsource_SUSE

48898

third-party-advisory

x_refsource_SECUNIA

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ec8013beddd717d1740cfefb1a9b900deef85462

x_refsource_CONFIRM

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0bfc96cb77224736dfa35c3c555d37b3646ef35e

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=752375

x_refsource_CONFIRM

https://github.com/torvalds/linux/commit/0bfc96cb77224736dfa35c3c555d37b3646ef35e

x_refsource_CONFIRM

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2

x_refsource_CONFIRM

https://github.com/torvalds/linux/commit/ec8013beddd717d1740cfefb1a9b900deef85462

x_refsource_CONFIRM

SUSE-SU-2015:0812

vendor-advisory

x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2011-4127

Description

Affected Products

References