Bug 395873

Summary: Kernel: "SG_IO" SCSI IOCTL Privilege Escalation Vulnerability (CVE-2011-4127)
Product: Gentoo Security
Reporter: Michael Harrison <n0idx80>
Component: Kernel
Assignee: Gentoo Kernel Security <security-kernel>
Status: RESOLVED FIXED
Severity: normal
CC: kernel
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: http://secunia.com/advisories/47296/
Whiteboard:
Package list:
Runtime testing required: ---

Description Michael Harrison 2011-12-24 07:35:31 UTC
A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users and malicious, local users in a guest virtual machine to gain escalated privileges.

The vulnerability is caused due to SG_IO SCSI IOCTL commands being passed down to the block device without properly honoring access restrictions to e.g. single partitions or LVM volumes. This can e.g. be exploited by a privileged guest user in certain virtualisation setups to read from or write to the host's block device.

Solution
Restrict access to trusted users only.

Provided and/or discovered by
Paolo Bonzini, Red Hat

Original Advisory
Paolo Bonzini:
https://lkml.org/lkml/2011/12/22/270

Red Hat bug #752375:
https://bugzilla.redhat.com/show_bug.cgi?id=752375

Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2012-09-13 20:35:14 UTC
CVE-2011-4127 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4127):
  The Linux kernel before 3.2.2 does not properly restrict SG_IO ioctl calls,
  which allows local users to bypass intended restrictions on disk read and
  write operations by sending a SCSI command to (1) a partition block device
  or (2) an LVM volume.

Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2018-04-04 17:47:52 UTC
There are no longer any 2.x kernels or <3.2.2 available in the repository with the exception of sys-kernel/xbox-sources which is unsupported by security.
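
An added example, not part of this bug report or of any Gentoo tooling: a host audit that combines the "before 3.2.2" boundary from the CVE text with the "restrict access to trusted users only" advice, by listing partition and device-mapper (LVM) nodes that a non-root owner, group or other can open. The function names are illustrative, and the sysfs layout (`partition` attribute, `dm` directory) and `/dev/<name>` node naming are assumptions about the audited host.

```python
import os
import re
import stat

FIXED = (3, 2, 2)  # CVE-2011-4127 text: "The Linux kernel before 3.2.2"
SYS_BLOCK = "/sys/class/block"

def kernel_affected(release):
    """True if a release string such as '3.1.10-gentoo' predates 3.2.2.
    Version numbers alone cannot see distribution backports."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError("unrecognised kernel release: %r" % release)
    return tuple(int(p or 0) for p in m.groups()) < FIXED

def non_root_access(mode, uid, gid):
    """Describe who besides root can open a device node with these attributes."""
    who = []
    if uid != 0 and mode & (stat.S_IRUSR | stat.S_IWUSR):
        who.append("owner uid %d" % uid)
    if gid != 0 and mode & (stat.S_IRGRP | stat.S_IWGRP):
        who.append("group gid %d" % gid)
    if mode & (stat.S_IROTH | stat.S_IWOTH):
        who.append("other")
    return who

def audit(sys_block=SYS_BLOCK, dev="/dev"):
    """Yield (node, who) for partition and device-mapper nodes open to non-root."""
    if not os.path.isdir(sys_block):
        return
    for name in sorted(os.listdir(sys_block)):
        base = os.path.join(sys_block, name)
        # 'partition' marks a partition; a 'dm' directory marks an LVM/dm volume.
        if not (os.path.exists(os.path.join(base, "partition"))
                or os.path.isdir(os.path.join(base, "dm"))):
            continue
        try:
            st = os.stat(os.path.join(dev, name))
        except OSError:
            continue  # no matching node under /dev
        who = non_root_access(st.st_mode, st.st_uid, st.st_gid)
        if stat.S_ISBLK(st.st_mode) and who:
            yield os.path.join(dev, name), who

if __name__ == "__main__":
    rel = os.uname().release
    state = "predates 3.2.2" if kernel_affected(rel) else "3.2.2 or later"
    print("kernel %s: %s" % (rel, state))
    for node, who in audit():
        print("%s accessible to %s" % (node, ", ".join(who)))
```

Each reported node is one whose owner, group or world permissions decide who counts as a "trusted user" for that partition or volume, including any guest VM process that is handed the node.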