Lucene search

[email protected]CVE-2011-4127

HistoryJul 03, 2012 - 4:40 p.m.

CVE-2011-4127

2012-07-0316:40:31

CWE-264

[email protected]

web.nvd.nist.gov

218

linux kernel

3.2.2

bypass

disk access

vulnerability

nvd

cve-2011-4127

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

The Linux kernel before 3.2.2 does not properly restrict SG_IO ioctl calls, which allows local users to bypass intended restrictions on disk read and write operations by sending a SCSI command to (1) a partition block device or (2) an LVM volume.

Affected configurations

NVD

Node

suselinux_enterprise_serverMatch10sp4

Node

linuxlinux_kernelRange≤3.2.1

linuxlinux_kernelMatch3.0rc1

linuxlinux_kernelMatch3.0rc2

linuxlinux_kernelMatch3.0rc3

linuxlinux_kernelMatch3.0rc4

linuxlinux_kernelMatch3.0rc5

linuxlinux_kernelMatch3.0rc6

linuxlinux_kernelMatch3.0rc7

linuxlinux_kernelMatch3.0.1

linuxlinux_kernelMatch3.0.2

linuxlinux_kernelMatch3.0.3

linuxlinux_kernelMatch3.0.4

linuxlinux_kernelMatch3.0.5

linuxlinux_kernelMatch3.0.6

linuxlinux_kernelMatch3.0.7

linuxlinux_kernelMatch3.0.8

linuxlinux_kernelMatch3.0.9

linuxlinux_kernelMatch3.0.10

linuxlinux_kernelMatch3.0.11

linuxlinux_kernelMatch3.0.12

linuxlinux_kernelMatch3.0.13

linuxlinux_kernelMatch3.0.14

linuxlinux_kernelMatch3.0.15

linuxlinux_kernelMatch3.0.16

linuxlinux_kernelMatch3.0.17

linuxlinux_kernelMatch3.0.18

linuxlinux_kernelMatch3.0.19

linuxlinux_kernelMatch3.0.20

linuxlinux_kernelMatch3.0.21

linuxlinux_kernelMatch3.0.22

linuxlinux_kernelMatch3.0.23

linuxlinux_kernelMatch3.0.24

linuxlinux_kernelMatch3.0.25

linuxlinux_kernelMatch3.0.26

linuxlinux_kernelMatch3.0.27

linuxlinux_kernelMatch3.0.28

linuxlinux_kernelMatch3.0.29

linuxlinux_kernelMatch3.0.30

linuxlinux_kernelMatch3.0.31

linuxlinux_kernelMatch3.0.32

linuxlinux_kernelMatch3.0.33

linuxlinux_kernelMatch3.0.34

linuxlinux_kernelMatch3.1

linuxlinux_kernelMatch3.1rc1

linuxlinux_kernelMatch3.1rc2

linuxlinux_kernelMatch3.1rc3

linuxlinux_kernelMatch3.1rc4

linuxlinux_kernelMatch3.1.1

linuxlinux_kernelMatch3.1.2

linuxlinux_kernelMatch3.1.3

linuxlinux_kernelMatch3.1.4

linuxlinux_kernelMatch3.1.5

linuxlinux_kernelMatch3.1.6

linuxlinux_kernelMatch3.1.7

linuxlinux_kernelMatch3.1.8

linuxlinux_kernelMatch3.1.9

linuxlinux_kernelMatch3.1.10

linuxlinux_kernelMatch3.2

CPENameOperatorVersion
suse:linux_enterprise_serversuse linux enterprise servereq10

CPE	Name	Operator	Version
suse:linux_enterprise_server	suse linux enterprise server	eq	10

References

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0bfc96cb77224736dfa35c3c555d37b3646ef35e

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ec8013beddd717d1740cfefb1a9b900deef85462

lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html

lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html

secunia.com/advisories/48898

www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2

www.openwall.com/lists/oss-security/2011/12/22/5

bugzilla.redhat.com/show_bug.cgi?id=752375

github.com/torvalds/linux/commit/0bfc96cb77224736dfa35c3c555d37b3646ef35e

github.com/torvalds/linux/commit/ec8013beddd717d1740cfefb1a9b900deef85462

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2011-4127

ubuntucve1 oraclelinux8 openvas79 veracode1 nessus32 fedora25 debiancve1 prion1 amazon1 seebug1 cvelist1 nvd1 redhat7 ubuntu4 centos3 suse5 osv1 securityvulns2 debian1