Improper Authorization of SCSI Commands in Linux Kernel
CVE-2012-4542 · MEDIUM Severity
AV:L/AC:L/AU:N/C:P/I:P/A:P
block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes.
Learn more about our Cis Benchmark Audit For Distribution Independent Linux.