Oct 27, 2014 - 12:00 a.m.

K15746 : Linux kernel vulnerability CVE-2012-4542

my.f5.com

AI Score: 6.2 (Confidence: Low)

EPSS: 0 (Percentile: 5.1%)

Security Advisory Description

Description

block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes. (CVE-2012-4542)
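
A simplified model of the flaw described above, as an added example that is not code from the advisory or from the Linux kernel: a command filter keyed on opcode alone next to one keyed on device class and opcode. The device classes, opcode values and function names are constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed values: these classes and opcode numbers are illustrative only,
 * not taken from the advisory or from any real SCSI command set. */
enum dev_class { CLASS_DISK, CLASS_OPTICAL, CLASS_COUNT };
#define OP_QUERY  0xC0  /* harmless read on both classes */
#define OP_SHARED 0xC1  /* optical: reads status; disk: alters stored data */

/* Flawed model: one pair of tables indexed by opcode, shared by all classes.
 * OP_SHARED was listed as read-safe with only its optical meaning in mind. */
static const bool flat_read_ok[256]  = { [OP_QUERY] = true, [OP_SHARED] = true };
static const bool flat_write_ok[256] = { 0 };

/* Corrected model: separate tables per device class. */
static const bool class_read_ok[CLASS_COUNT][256] = {
    [CLASS_DISK]    = { [OP_QUERY] = true },
    [CLASS_OPTICAL] = { [OP_QUERY] = true, [OP_SHARED] = true },
};
static const bool class_write_ok[CLASS_COUNT][256] = {
    [CLASS_DISK]    = { [OP_SHARED] = true },
};

/* Shared decision: read-safe always passes, write-safe needs write access,
 * anything unlisted is denied. */
static bool decide(const bool *read_ok, const bool *write_ok,
                   unsigned char op, bool has_write)
{
    if (read_ok[op])  return true;
    if (write_ok[op]) return has_write;
    return false;
}

bool verify_flat(unsigned char op, bool has_write)
{
    return decide(flat_read_ok, flat_write_ok, op, has_write);
}

bool verify_class(enum dev_class cls, unsigned char op, bool has_write)
{
    return decide(class_read_ok[cls], class_write_ok[cls], op, has_write);
}

int main(void)
{
    printf("flat filter, disk opened read-only:  %d\n", verify_flat(OP_SHARED, false));
    printf("class filter, disk opened read-only: %d\n", verify_class(CLASS_DISK, OP_SHARED, false));
    return 0;
}
```

The flat filter passes the shared opcode to a disk opened read-only, while the class-aware filter requires write access for it on the disk class and still permits it on the optical class.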

Impact

This vulnerability may allow unauthorized disclosure of information, unauthorized modification, or disruption of service.

Status

F5 Product Development has assigned ID 422375 (BIG-IP), ID 485205 (BIG-IQ), and ID 485208 (Enterprise Manager) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, BIG-IP iHealth may list Heuristic H486024 on the Diagnostics > Identified > Medium screen.

To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:

| Product | Versions known to be vulnerable | Versions known to be not vulnerable | Vulnerable component or feature |
| --- | --- | --- | --- |
| BIG-IP LTM | 11.0.0 - 11.4.1, 10.0.0 - 10.2.4 | 11.5.0 - 11.6.0 | Linux kernel |
| BIG-IP AAM | 11.4.0 - 11.4.1 | 11.5.0 - 11.6.0 | Linux kernel |
| BIG-IP AFM | 11.3.0 - 11.4.1 | 11.5.0 - 11.6.0 | Linux kernel |
| BIG-IP Analytics | 11.0.0 - 11.4.1 | 11.5.0 - 11.6.0 | Linux kernel |
| BIG-IP APM | 11.0.0 - 11.4.1, 10.1.0 - 10.2.4 | 11.5.0 - 11.6.0 | Linux kernel |
| BIG-IP ASM | 11.0.0 - 11.4.1, 10.0.0 - 10.2.4 | 11.5.0 - 11.6.0 | Linux kernel |
| BIG-IP Edge Gateway | 11.0.0 - 11.3.0, 10.1.0 - 10.2.4 | None | Linux kernel |
| BIG-IP GTM | 11.0.0 - 11.4.1, 10.0.0 - 10.2.4 | 11.5.0 - 11.6.0 | Linux kernel |
| BIG-IP Link Controller | 11.0.0 - 11.4.1, 10.0.0 - 10.2.4 | 11.5.0 - 11.6.0 | Linux kernel |
| BIG-IP PEM | 11.3.0 - 11.4.1 | 11.5.0 - 11.6.0 | Linux kernel |
| BIG-IP PSM | 11.0.0 - 11.4.1, 10.0.0 - 10.2.4 | None | Linux kernel |
| BIG-IP WebAccelerator | 11.0.0 - 11.3.0, 10.0.0 - 10.2.4 | None | Linux kernel |
| BIG-IP WOM | 11.0.0 - 11.3.0, 10.0.0 - 10.2.4 | None | Linux kernel |
| ARX | None | 6.0.0 - 6.4.0 | None |
| Enterprise Manager | 3.0.0 - 3.1.1, 2.1.0 - 2.3.0 | None | Linux kernel |
| FirePass | None | 7.0.0, 6.0.0 - 6.1.0 | None |
| BIG-IQ Cloud | 4.0.0 - 4.3.0 | 4.4.0 | Linux kernel |
| BIG-IQ Device | 4.2.0 - 4.3.0 | 4.4.0 | Linux kernel |
| BIG-IQ Security | 4.0.0 - 4.3.0 | 4.4.0 | Linux kernel |
| LineRate | None | 2.2.0 - 2.4.1, 1.6.0 - 1.6.4 | None |

Recommended action

If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists.

Supplemental Information