Improper Authorization of SCSI Commands in Linux Kernel

Improper Authorization of SCSI Commands in Linux Kernel

CVE-2012-4542 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.