
Bug 188260

Summary: Linux Kernel 2.6.x Security Bypass in AACRAID driver (CVE-2007-4308)
Product: Gentoo Security
Reporter: Matt Fleming (RETIRED) <mjf>
Component: Kernel
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: kernel
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://secunia.com/advisories/26322/
Whiteboard: [linux < 2.6.22.2][gp < 2.6.22-4]
Package list:
Runtime testing required: ---

Description Matt Fleming (RETIRED) gentoo-dev 2007-08-09 18:43:59 UTC
A security issue has been reported in the Linux Kernel, which can be exploited by malicious, local users to bypass certain security restrictions.

The security issue is caused due to the AACRAID driver not correctly checking the privileges for IOCTLs. This can be exploited to perform potentially dangerous operations by sending certain IOCTLs to the driver.

The security issue is reported in versions prior to 2.6.23-rc2. Other versions may also be affected.
Comment 1 Matt Fleming (RETIRED) gentoo-dev 2007-08-09 18:55:29 UTC
A patch to fix this issue can be found here: http://lkml.org/lkml/2007/7/23/195
Comment 2 Greg Kroah-Hartman (RETIRED) gentoo-dev 2007-08-10 03:02:42 UTC
This is already included in the 2.6.22.2 release.
Comment 3 Mike Pagano gentoo-dev 2007-11-19 14:30:51 UTC
linux kernel 2.6.22.2 is currently in a stable gentoo-sources release.