U-068: Linux Kernel SG_IO ioctl Bug Lets Local Users Gain Elevated Privileges


JC3-CIRC TECHNICAL BULLETIN

December 23, 2011 8:45 AM ET

PROBLEM:

Linux Kernel SG_IO ioctl Bug Lets Local Users Gain Elevated Privileges

PLATFORM:

Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server AUS (v. 6.2)
Red Hat Enterprise Linux Server EUS (v. 6.2.z)
Red Hat Enterprise Linux Workstation (v. 6)

ABSTRACT:

A local privileged user on the guest operating system can obtain elevated privileges on the target system.

IMPACT ASSESSMENT:

Medium

Discussion:
A vulnerability was reported in the Linux Kernel. A local user can obtain elevated privileges on the target system. On a virtualized system, a local privileged user on the guest operating system can execute the SG_IO ioctl on a partition or LVM volume to read or write data on the underlying disk. The local user can access host operating system data or data of other guests on the system.
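
An added example, not part of the original bulletin or of the vendor fix: a shell helper that reports which host block devices handed to guests are partitions or LVM volumes, the backing types the discussion above describes. The function names and the sample tree are constructed for illustration, and it assumes the operator supplies the list of guest-backing device paths.

```shell
#!/bin/sh
# Added example: flag guest-backing block devices that are partitions or LVM
# volumes. Function names and the sample tree are constructed, not vendor code.

# classify_blockdev NAME [SYSFS_ROOT]
# Prints: partition | lvm-volume | device-mapper | whole-disk | unknown
classify_blockdev() {
    node="${2:-/sys}/class/block/$1"
    [ -d "$node" ] || { echo unknown; return 1; }
    if [ -f "$node/partition" ]; then        # attribute exists only for partitions
        echo partition
    elif [ -f "$node/dm/uuid" ]; then        # device-mapper device
        case $(cat "$node/dm/uuid") in
            LVM-*) echo lvm-volume ;;        # LVM volumes carry an "LVM-" uuid
            *)     echo device-mapper ;;
        esac
    else
        echo whole-disk
    fi
}

# audit_guest_disks SYSFS_ROOT PATH...
# Prints "<path> <class>" for each partition or LVM volume; returns 1 if any.
audit_guest_disks() {
    sysroot=$1; shift
    flagged=0
    for path in "$@"; do
        real=$(readlink -f "$path") || continue   # follow /dev/mapper symlinks
        class=$(classify_blockdev "$(basename "$real")" "$sysroot") || continue
        case $class in
            partition|lvm-volume) echo "$path $class"; flagged=1 ;;
        esac
    done
    return "$flagged"
}

# make_sample_tree: builds a constructed fake /sys and /dev, prints its root.
make_sample_tree() {
    t=$(mktemp -d)
    b="$t/sys/class/block"
    mkdir -p "$t/dev/mapper" "$b/sda1" "$b/sdb" "$b/dm-0/dm"
    echo 1 > "$b/sda1/partition"
    echo "LVM-constructedSampleUuid" > "$b/dm-0/dm/uuid"
    : > "$t/dev/sda1"; : > "$t/dev/sdb"; : > "$t/dev/dm-0"
    ln -s ../dm-0 "$t/dev/mapper/vg0-guest1"
    echo "$t"
}
```

On a real host, call `audit_guest_disks /sys` followed by the device paths assigned to guests; a non-zero exit status means at least one of them is a partition or LVM volume.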

Impact:
A local privileged user on the guest operating system can obtain elevated privileges on the target system.

Solution:
Linux Kernel source code fix[2]
Red Hat kernel security and bug fix update[3]

References
  2. Linux Kernel source code fix (git.kernel.org)
  3. Red Hat kernel security and bug fix update (access.redhat.com)

Authors: JC3-CIRC
