Vigil@nce - Linux kernel: privilege escalation via aac_compat_do_ioctl
December 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can use ioctls on the aacraid driver of the Linux
kernel, in order to escalate his privileges.
– Impacted products: Linux
– Severity: 2/4
– Creation date: 25/11/2013
DESCRIPTION OF THE VULNERABILITY
The aacraid kernel driver supports SCSI Adaptec AACRaid devices.
The aac_compat_ioctl() function of the drivers/scsi/aacraid/linit.c
file manages control ioctls. However, it does not check if the
user owns the CAP_SYS_RAWIO capability.
A local attacker can therefore use ioctls on the aacraid driver of
the Linux kernel, in order to escalate his privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-privilege-escalation-via-aac-compat-do-ioctl-13822