CVE-2011-4127

2011-12-2300:00:00

ubuntu.com

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.3%

JSON

The Linux kernel before 3.2.2 does not properly restrict SG_IO ioctl calls,
which allows local users to bypass intended restrictions on disk read and
write operations by sending a SCSI command to (1) a partition block device
or (2) an LVM volume.

Bugs

Notes

Author	Note
apw	This seems to be seens as the right thing to do, but not so late in 3.2, expect to see something applied in the early merge window https://lkml.org/lkml/2011/12/22/366 The fixes have now hit mainline, there is a strong possibility that when these are applied to older releases we will get functionality regressions, will get them on precise as soon as possible.

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchlinux< 2.6.32-39.86UNKNOWN
ubuntu11.10noarchlinux< 3.0.0-16.29UNKNOWN
ubuntu10.04noarchlinux-ec2< 2.6.32-343.45UNKNOWN
ubuntu10.04noarchlinux-lts-backport-oneiric< 3.0.0-16.29~lucid1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	10.04	noarch	linux	< 2.6.32-39.86	UNKNOWN
ubuntu	11.10	noarch	linux	< 3.0.0-16.29	UNKNOWN
ubuntu	10.04	noarch	linux-ec2	< 2.6.32-343.45	UNKNOWN
ubuntu	10.04	noarch	linux-lts-backport-oneiric	< 3.0.0-16.29~lucid1	UNKNOWN