MEDIUM · 4.6

CVE-2011-4127

Vulnerability Description

The Linux kernel before 3.2.2 does not properly restrict SG_IO ioctl calls, which allows local users to bypass intended restrictions on disk read and write operations by sending a SCSI command to (1) a partition block device or (2) an LVM volume.

CVSS Score

4.6 (MEDIUM)

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Affected Products

| Vendor | Product | Versions |
| --- | --- | --- |
| Suse | Linux Enterprise Server | 10 |
| Linux | Linux Kernel | <= 3.2.1 |

Related Weaknesses (CWE)

References

FAQ

What is CVE-2011-4127?

CVE-2011-4127 is a vulnerability with a CVSS score of 4.6 (MEDIUM). The Linux kernel before 3.2.2 does not properly restrict SG_IO ioctl calls, which allows local users to bypass intended restrictions on disk read and write operations by sending a SCSI command to (1) ...

How severe is CVE-2011-4127?

CVE-2011-4127 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2011-4127?

Check the references section above for vendor advisories and patch information. Affected products include: Suse Linux Enterprise Server, Linux Linux Kernel.