CVE-2011-4127

Priority
Medium
Description
The Linux kernel before 3.2.2 does not properly restrict SG_IO ioctl calls,
which allows local users to bypass intended restrictions on disk read and
write operations by sending a SCSI command to (1) a partition block device
or (2) an LVM volume.
Ubuntu-Description
Paolo Bonzini discovered a flaw in Linux's handling of the SG_IO ioctl
command. A local user, or user in a VM could exploit this flaw to bypass
restrictions and gain read/write access to all data on the affected block
device.
References
Bugs
Notes
apw> This seems to be seens as the right thing to do, but not so late
apw> in 3.2, expect to see something applied in the early merge window
apw> https://lkml.org/lkml/2011/12/22/366
apw> The fixes have now hit mainline, there is a strong possibility that
apw> when these are applied to older releases we will get functionality
apw> regressions, will get them on precise as soon as possible.
Package
Upstream:released (3.3~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (3.13.0-24.46~precise1)
Ubuntu 13.10 (Saucy Salamander):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Package
Upstream:released (3.3~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (3.2.0-1600.1)
Ubuntu 13.10 (Saucy Salamander):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Package
Upstream:released (3.3~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):released (2.6.32-343.45)
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 13.10 (Saucy Salamander):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Package
Upstream:released (3.3~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):released (3.0.0-16.29~lucid1)
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 13.10 (Saucy Salamander):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Package
Upstream:released (3.3~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 13.10 (Saucy Salamander):ignored
Ubuntu 14.04 LTS (Trusty Tahr):needs-triage
Ubuntu 14.10 (Utopic Unicorn):needs-triage
Package
Upstream:released (3.3~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 13.10 (Saucy Salamander):ignored
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (3.4.0-1.7)
Ubuntu 14.10 (Utopic Unicorn):not-affected (3.4.0-1.7)
Package
Upstream:released (3.3~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 13.10 (Saucy Salamander):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Package
Upstream:DNE
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):not-affected
Ubuntu 13.10 (Saucy Salamander):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Patches:
Package
Upstream:released (3.3~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 13.10 (Saucy Salamander):DNE
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (3.4.0-1.3)
Ubuntu 14.10 (Utopic Unicorn):not-affected (3.4.0-1.3)
Package
Upstream:released (3.3~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):not-affected (no virtualisation on ARM)
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 13.10 (Saucy Salamander):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Package
Upstream:released (3.3~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 13.10 (Saucy Salamander):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Package
Source: linux (LP Ubuntu Debian)
Upstream:released (3.3~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):released (2.6.32-39.86)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (3.2.0-12.20)
Ubuntu 13.10 (Saucy Salamander):not-affected
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (3.2.0-12.20)
Ubuntu 14.10 (Utopic Unicorn):not-affected (3.2.0-12.20)
Patches:
Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2Fixed by 577ebb374c78314ac4617242f509e2f5e7156649
Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2Fixed by 0bfc96cb77224736dfa35c3c555d37b3646ef35e
Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2Fixed by ec8013beddd717d1740cfefb1a9b900deef85462
Package
Upstream:released (3.3~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 13.10 (Saucy Salamander):ignored
Ubuntu 14.04 LTS (Trusty Tahr):needs-triage
Ubuntu 14.10 (Utopic Unicorn):needs-triage
Package
Upstream:released (3.3~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (no virtualisation on ARM)
Ubuntu 13.10 (Saucy Salamander):not-affected
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Package
Upstream:released (3.3~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 13.10 (Saucy Salamander):ignored
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (3.4.0-3.21)
Ubuntu 14.10 (Utopic Unicorn):not-affected (3.4.0-3.21)
Package
Upstream:released (3.3~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):not-affected (no virtualisation on ARM)
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 13.10 (Saucy Salamander):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Package
Upstream:released (3.3~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):not-affected
Ubuntu 13.10 (Saucy Salamander):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Package
Upstream:released (3.3~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 13.10 (Saucy Salamander):ignored
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (3.4.0-4.19)
Ubuntu 14.10 (Utopic Unicorn):not-affected (3.4.0-4.19)
More Information

Valid XHTML 1.0 Strict

Updated: 2014-06-06 20:14:17 UTC (commit 8124)