CVE-2012-4542

Опубликовано: 24 янв. 2013

Источник: redhat

CVSS2: 4.9

Описание

block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes.

Отчет

This issue does affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 7. Due to the lack of upstream patches and the Moderate impact, we are not planning to address this issue in Red Hat Enterprise Linux 7.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	kernel	Affected
Red Hat Enterprise Linux 7	kernel	Will not fix
Red Hat Enterprise Linux Extended Update Support 5.9	kernel	Affected
Red Hat Enterprise Linux 6	kernel	Fixed	RHSA-2013:0496	20.02.2013
Red Hat Enterprise Linux 6.2 EUS - Server and Compute Node Only	kernel	Fixed	RHSA-2013:0882	30.05.2013
Red Hat Enterprise Linux 6.3 EUS - Server and Compute Node Only	kernel	Fixed	RHSA-2013:0928	11.06.2013
Red Hat Enterprise MRG 2	kernel-rt	Fixed	RHSA-2013:0622	11.03.2013
RHEV 3.X Hypervisor and Agents for RHEL-6	rhev-hypervisor6	Fixed	RHSA-2013:0579	28.02.2013

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

https://bugzilla.redhat.com/show_bug.cgi?id=875360kernel: block: default SCSI command filter does not accomodate commands overlap across device classes

4.9 Medium

CVSS2