From ${URL} : Description A security issue has been reported in the Linux Kernel, which can be exploited by malicious, local users to bypass certain security restrictions. The security issue is caused due to the AACRAID driver not correctly checking the privileges for compat IOCTLs. This can be exploited to perform otherwise restricted operations by sending certain compat IOCTLs to the driver. This is related to: SA26322 The security issue is reported in versions 2.6.32.61, 2.6.34.14, 3.2.52, 3.4.67, 3.10.17, and 3.11.6. Solution: Fixed in the git repository. Provided and/or discovered by: Dan Carpenter within a git commit. Original Advisory: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f856567b930dfcdbc3323261bf77240ccdde01f5
CVE-2013-6383 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6383): The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call.
*** Bug 492540 has been marked as a duplicate of this bug. ***
Fix in 3.11.8 onwards