Vigil@nce - Linux kernel: privilege elevation via SG_IO
January 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can use the SG_IO ioctl, in order to access to a
disk partition.
Severity: 2/4
Creation date: 27/12/2011
IMPACTED PRODUCTS
– Fedora
– Linux kernel
– Red Hat Enterprise Linux
DESCRIPTION OF THE VULNERABILITY
The SG_IO ioctl is used to access to a SCSI device.
The kernel allows users to call it. An attacker, who is located in
a guest KVM system, can thus access to data of the host system.
A local attacker can therefore use the SG_IO ioctl, in order to
access to a disk partition.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-privilege-elevation-via-SG-IO-11252