LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

kernel: restriction bypass

Package(s):kernel CVE #(s):CVE-2011-4127
Created:December 23, 2011 Updated:March 6, 2012
Description: From the Red Hat advisory:

* Using the SG_IO IOCTL to issue SCSI requests to partitions or LVM volumes resulted in the requests being passed to the underlying block device. If a privileged user only had access to a single partition or LVM volume, they could use this flaw to bypass those restrictions and gain read and write access (and be able to issue other SCSI commands) to the entire block device.

In KVM (Kernel-based Virtual Machine) environments using raw format virtio disks backed by a partition or LVM volume, a privileged guest user could bypass intended restrictions and issue read and write requests (and other SCSI commands) on the host, and possibly access the data of other guests that reside on the same underlying block device. Partition-based and LVM-based storage pools are not used by default. Refer to Red Hat Bugzilla bug 752375 for further details and a mitigation script for users who cannot apply this update immediately. (CVE-2011-4127, Important)

Alerts:
Oracle ELSA-2011-1849 2011-12-27
Oracle ELSA-2011-2038 2011-12-27
Scientific Linux SL-kern-20111222 2011-12-22
Oracle ELSA-2011-2038 2011-12-27
CentOS CESA-2011:1849 2011-12-23
Red Hat RHSA-2011:1849-01 2011-12-22
Fedora FEDORA-2011-17372 2011-12-23
Fedora FEDORA-2011-17388 2011-12-23
Oracle ELSA-2012-0007 2012-01-12
Debian DSA-2389-1 2012-01-15
Fedora FEDORA-2012-0876 2012-01-24
Oracle ELSA-2012-0050 2012-01-23
Fedora FEDORA-2012-0861 2012-01-24
Scientific Linux SL-qemu-20120125 2012-01-25
SUSE SUSE-SU-2012:0153-1 2012-02-06
SUSE SUSE-SU-2012:0153-2 2012-02-06
Red Hat RHSA-2012:0107-01 2012-02-09
CentOS CESA-2012:0107 2012-02-09
Scientific Linux SL-kern-20120213 2012-02-13
Oracle ELSA-2012-0107 2012-02-10
Red Hat RHSA-2012:0333-01 2012-02-23
Ubuntu USN-1384-1 2012-03-06
Ubuntu USN-1388-1 2012-03-06
Red Hat RHSA-2012:0358-01 2012-03-06
Ubuntu USN-1389-1 2012-03-06
Oracle ELSA-2012-0150 2012-03-07
Ubuntu USN-1405-1 2012-03-27
SUSE SUSE-SU-2012:0554-1 2012-04-23
SUSE SUSE-SU-2012:0554-2 2012-04-26
Oracle ELSA-2012-2022 2012-07-02
Oracle ELSA-2012-2022 2012-07-02
Oracle ELSA-2012-0862 2012-07-02
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds