** Description changed: - Paolo Bonzini of Red Hat found out that the host Linux system allows - executing the SG_IO ioctl on a partition or even on an LVM volume, and - will pass the command to the underlying block device. This could be - further exploited in the in the context of virtualization, because - virtio disks support a limited form of SCSI passthrough via the SG_IO - ioctl. If virtio disk is hosted on a partition or LVM volume with - format=raw, tools such as sg_dd can be used to read and write other data - on the same disk --- even data that belongs to the host or to other - guests. + The Linux kernel before 3.2.2 does not properly restrict SG_IO ioctl + calls, which allows local users to bypass intended restrictions on disk + read and write operations by sending a SCSI command to (1) a partition + block device or (2) an LVM volume. Break-Fix: - 577ebb374c78314ac4617242f509e2f5e7156649 Break-Fix: - 0bfc96cb77224736dfa35c3c555d37b3646ef35e Break-Fix: - ec8013beddd717d1740cfefb1a9b900deef85462
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/911397 Title: CVE-2011-4127 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/911397/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs