Bug 395873 - Kernel: "SG_IO" SCSI IOCTL Privilege Escalation Vulnerability (CVE-2011-4127)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Kernel
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Kernel Security
URL: http://secunia.com/advisories/47296/
Reported: 2011-12-24 07:35 UTC by Michael Harrison
Modified: 2018-04-04 17:47 UTC

Description Michael Harrison 2011-12-24 07:35:31 UTC
A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users and malicious, local users in a guest virtual machine to gain escalated privileges.

The vulnerability is caused due to SG_IO SCSI IOCTL commands being passed down to the block device without properly honoring access restrictions to e.g. single partitions or LVM volumes. This can e.g. be exploited by a privileged guest user in certain virtualisation setups to read from or write to the host's block device.

Solution
Restrict access to trusted users only.

Provided and/or discovered by
Paolo Bonzini, Red Hat

Original Advisory
Paolo Bonzini:
https://lkml.org/lkml/2011/12/22/270

Red Hat bug #752375:
https://bugzilla.redhat.com/show_bug.cgi?id=752375
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2012-09-13 20:35:14 UTC
CVE-2011-4127 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4127):
  The Linux kernel before 3.2.2 does not properly restrict SG_IO ioctl calls,
  which allows local users to bypass intended restrictions on disk read and
  write operations by sending a SCSI command to (1) a partition block device
  or (2) an LVM volume.
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2018-04-04 17:47:52 UTC
There are no longer any 2.x kernels or <3.2.2 available in the repository with the exception of sys-kernel/xbox-sources which is unsupported by security.
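
An exposure check for the condition described in this bug, added here as an example and not part of the original report: it compares the running kernel against the 3.2.2 threshold from the CVE text and, on an older kernel, lists partition and LVM (device-mapper) nodes that accounts other than root can open, which is what "restrict access to trusted users only" asks you to review. The function names and the root:disk 0660 baseline are assumptions, and the version comparison cannot see a fix that a distribution backported into an older release number.

```shell
#!/bin/sh
# Added example, not from the bug report. Assumed baseline for block
# device nodes: owner root, group disk, mode 0660 (common udev default).

# kernel_before VERSION FIXED: succeeds if VERSION is older than FIXED.
kernel_before() {
    v=${1%%[!0-9.]*}            # "3.2.1-gentoo-r2" -> "3.2.1"
    for i in 1 2 3; do
        a=$(echo "$v" | cut -d. -f"$i"); a=${a:-0}
        b=$(echo "$2" | cut -d. -f"$i"); b=${b:-0}
        [ "$a" -lt "$b" ] && return 0
        [ "$a" -gt "$b" ] && return 1
    done
    return 1                    # equal versions are not "before"
}

# node_exposed OWNER GROUP MODE: succeeds if an account other than root or
# a member of group disk can open the node (MODE is octal, e.g. 660).
node_exposed() {
    m=$((0$3))
    [ $(($m & 07)) -ne 0 ] && return 0
    [ "$1" != root ] && [ $(($m & 0600)) -ne 0 ] && return 0
    case $2 in
        root|disk) ;;
        *) [ $(($m & 060)) -ne 0 ] && return 0 ;;
    esac
    return 1
}

# audit KERNEL_RELEASE: on a kernel before 3.2.2, list partition and
# device-mapper (LVM) nodes that are opened up beyond the baseline.
audit() {
    kernel_before "$1" 3.2.2 || { echo "kernel $1 is not before 3.2.2"; return 0; }
    for s in /sys/class/block/*; do
        n=${s##*/}
        [ -e "$s/partition" ] || [ -d "$s/dm" ] || continue
        [ -b "/dev/$n" ] || continue
        info=$(stat -c '%U %G %a' "/dev/$n") || continue
        # $info is left unquoted on purpose: it splits into owner group mode
        node_exposed $info && echo "exposed: /dev/$n ($info)"
    done
    return 0
}

audit "$(uname -r)"
```
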