CVE-2011-4127 (retired)

Priority
Description
The Linux kernel before 3.2.2 does not properly restrict SG_IO ioctl calls,
which allows local users to bypass intended restrictions on disk read and
write operations by sending a SCSI command to (1) a partition block device
or (2) an LVM volume.
Ubuntu-Description
Paolo Bonzini discovered a flaw in Linux's handling of the SG_IO ioctl
command. A local user, or user in a VM could exploit this flaw to bypass
restrictions and gain read/write access to all data on the affected block
device.
Notes
 apw> This seems to be seens as the right thing to do, but not so late
 apw> in 3.2, expect to see something applied in the early merge window
 apw> https://lkml.org/lkml/2011/12/22/366
 apw> The fixes have now hit mainline, there is a strong possibility that
 apw> when these are applied to older releases we will get functionality
 apw> regressions, will get them on precise as soon as possible.
Package
Upstream:released (3.3~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (3.3~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (3.3~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (3.4.0-1.3)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (3.4.0-5.22)
Package
Upstream:released (3.3~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (3.3~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (3.4.0-1.9)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (3.4.0-4.27)
Package
Upstream:released (3.3~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):ignored (reached end-of-life)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
linux-krillin:ignored (was pending [1.0] now end-of-life)
Package
Upstream:released (3.3~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (3.3~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (3.3~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (3.3~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Patches:
Package
Upstream:released (3.3~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (3.3~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (3.3~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (3.16.0-25.33~14.04.2)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (3.3~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (3.19.0-18.18~14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (3.3~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (4.2.0-18.22~14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (3.3~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (4.4.0-13.29~14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (3.3~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):ignored (reached end-of-life)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (3.3~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (3.4.0-3.21)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (3.4.0-7.40)
Package
Upstream:released (3.3~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (3.4.0-4.19)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (3.3~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (3.3~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.2.0-1013.19)
Package
Upstream:released (3.3~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.4.0-1012.12)
Package
Upstream:released (3.3~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
linux-vegetahd:ignored (was pending [1.0] now end-of-life)
More Information

Updated: 2019-03-26 11:59:06 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)