CVE-2011-4127

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The Linux kernel before 3.2.2 does not properly restrict SG_IO ioctl calls, which allows local users to bypass intended restrictions on disk read and write operations by sending a SCSI command to (1) a partition block device or (2) an LVM volume.

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0bfc96cb77224736dfa35c3c555d37b3646ef35e

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ec8013beddd717d1740cfefb1a9b900deef85462

http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html

http://secunia.com/advisories/48898

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2

http://www.openwall.com/lists/oss-security/2011/12/22/5

https://bugzilla.redhat.com/show_bug.cgi?id=752375

https://github.com/torvalds/linux/commit/0bfc96cb77224736dfa35c3c555d37b3646ef35e

https://github.com/torvalds/linux/commit/ec8013beddd717d1740cfefb1a9b900deef85462

Details

Source: MITRE

Published: 2012-07-03

Updated: 2017-12-29

Type: CWE-264

Risk Information

CVSS v2

Base Score: 4.6

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 3.9

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:linux:linux_kernel:3.0:rc1:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0:rc2:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0:rc3:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0:rc4:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0:rc5:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0:rc6:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0:rc7:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.1:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.2:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.3:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.4:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.5:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.6:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.7:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.8:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.9:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.10:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.11:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.12:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.13:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.14:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.15:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.16:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.17:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.18:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.19:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.20:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.21:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.22:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.23:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.24:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.25:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.26:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.27:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.28:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.29:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.30:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.31:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.32:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.33:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.0.34:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.1:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.1:rc1:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.1:rc2:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.1:rc3:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.1:rc4:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.1.1:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.1.2:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.1.3:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.1.4:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.1.5:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.1.6:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.1.7:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.1.8:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.1.9:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.1.10:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.2:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 3.2.1 (inclusive)

Tenable Plugins

View all (30 total)

IDNameProductFamilySeverity
83723SUSE SLES10 Security Update : kernel (SUSE-SU-2015:0812-1)NessusSuSE Local Security Checks
high
79507OracleVM 2.2 : kernel (OVMSA-2013-0039)NessusOracleVM Local Security Checks
high
79484OracleVM 3.1 : kernel-uek (OVMSA-2012-0042)NessusOracleVM Local Security Checks
high
79283RHEL 5 : rhev-hypervisor5 (RHSA-2012:0168)NessusRed Hat Local Security Checks
high
79281RHEL 6 : rhev-hypervisor6 (RHSA-2011:1850)NessusRed Hat Local Security Checks
medium
76639RHEL 6 : MRG (RHSA-2012:0333)NessusRed Hat Local Security Checks
medium
69641Amazon Linux AMI : kernel (ALAS-2012-34)NessusAmazon Linux Local Security Checks
medium
68677Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2022)NessusOracle Linux Local Security Checks
medium
68454Oracle Linux 5 : kernel (ELSA-2012-0107)NessusOracle Linux Local Security Checks
high
68426Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2011-2038)NessusOracle Linux Local Security Checks
high
68411Oracle Linux 6 : kernel (ELSA-2011-1849)NessusOracle Linux Local Security Checks
medium
64030RHEL 5 : kernel (RHSA-2012:0358)NessusRed Hat Local Security Checks
high
61241Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20120209)NessusScientific Linux Local Security Checks
high
61212Scientific Linux Security Update : kernel on SL6.x i386/x86_64NessusScientific Linux Local Security Checks
medium
58845SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 6163 / 6164 / 6172)NessusSuSE Local Security Checks
critical
58493Ubuntu 11.10 : linux vulnerabilities (USN-1405-1)NessusUbuntu Local Security Checks
critical
58270Ubuntu 10.04 LTS : linux vulnerabilities (USN-1389-1)NessusUbuntu Local Security Checks
high
58269Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1388-1)NessusUbuntu Local Security Checks
high
58265Ubuntu 10.04 LTS : linux-lts-backport-oneiric vulnerabilities (USN-1384-1)NessusUbuntu Local Security Checks
high
57922CentOS 5 : kernel (CESA-2012:0107)NessusCentOS Local Security Checks
high
57885RHEL 5 : kernel (RHSA-2012:0107)NessusRed Hat Local Security Checks
high
57854SuSE 11.1 Security Update : Linux kernel (SAT Patch Number 5732)NessusSuSE Local Security Checks
high
57853SuSE 11.1 Security Update : Linux Kernel (SAT Patch Numbers 5723 / 5725)NessusSuSE Local Security Checks
high
57674Fedora 16 : kernel-3.2.1-3.fc16 (2012-0876)NessusFedora Local Security Checks
medium
57673Fedora 15 : kernel-2.6.41.10-3.fc15 (2012-0861)NessusFedora Local Security Checks
medium
57583Debian DSA-2389-1 : linux-2.6 - privilege escalation/denial of service/information leakNessusDebian Local Security Checks
medium
57404CentOS 6 : kernel (CESA-2011:1849)NessusCentOS Local Security Checks
medium
57391RHEL 6 : kernel (RHSA-2011:1849)NessusRed Hat Local Security Checks
medium
801512CentOS RHSA-2012-0107 Security CheckLog Correlation EngineGeneric
high
801399CentOS RHSA-2011-1849 Security CheckLog Correlation EngineGeneric
high