** Description changed:

- Paolo Bonzini of Red Hat found out that the host Linux system allows
- executing the SG_IO ioctl on a partition or even on an LVM volume, and
- will pass the command to the underlying block device. This could be
- further exploited in the in the context of virtualization, because
- virtio disks support a limited form of SCSI passthrough via the SG_IO
- ioctl. If virtio disk is hosted on a partition or LVM volume with
- format=raw, tools such as sg_dd can be used to read and write other data
- on the same disk --- even data that belongs to the host or to other
- guests.
+ The Linux kernel before 3.2.2 does not properly restrict SG_IO ioctl
+ calls, which allows local users to bypass intended restrictions on disk
+ read and write operations by sending a SCSI command to (1) a partition
+ block device or (2) an LVM volume.
  
  Break-Fix: - 577ebb374c78314ac4617242f509e2f5e7156649
  Break-Fix: - 0bfc96cb77224736dfa35c3c555d37b3646ef35e
  Break-Fix: - ec8013beddd717d1740cfefb1a9b900deef85462
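Review bot: The replacement text drops the virtualization impact that the removed description spelled out, namely that a virtio disk hosted on a partition or LVM volume with format=raw lets SG_IO passthrough read and write other data on the same disk, including data that belongs to the host or to other guests. "Local users" in the new wording does not convey that guest-to-host exposure, and the credit to Paolo Bonzini of Red Hat is lost as well. Consider keeping one sentence covering both after the CVE summary.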

https://bugs.launchpad.net/bugs/911397

Title:
  CVE-2011-4127
