{
  "threat_severity" : "Important",
  "public_date" : "2011-12-22T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: possible privilege escalation via SG_IO ioctl",
    "id" : "752375",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=752375"
  },
  "cvss" : {
    "cvss_base_score" : "7.4",
    "cvss_scoring_vector" : "AV:A/AC:M/Au:S/C:C/I:C/A:C",
    "status" : "verified"
  },
  "cwe" : "CWE-284",
  "details" : [ "The Linux kernel before 3.2.2 does not properly restrict SG_IO ioctl calls, which allows local users to bypass intended restrictions on disk read and write operations by sending a SCSI command to (1) a partition block device or (2) an LVM volume." ],
  "statement" : "This issue affects the Linux kernel as shipped with Red Hat Enterprise Linux 4,\n5, 6, and Red Hat Enterprise MRG. This has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2012-0107.html, https://rhn.redhat.com/errata/RHSA-2011-1849.html, and https://rhn.redhat.com/errata/RHSA-2012-0333.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2012-02-09T00:00:00Z",
    "advisory" : "RHSA-2012:0107",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "kernel-0:2.6.18-274.18.1.el5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5.6 EUS - Server Only",
    "release_date" : "2012-03-06T00:00:00Z",
    "advisory" : "RHSA-2012:0358",
    "cpe" : "cpe:/o:redhat:rhel_eus:5.6",
    "package" : "kernel-0:2.6.18-238.35.1.el5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2011-12-22T00:00:00Z",
    "advisory" : "RHSA-2011:1849",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "kernel-0:2.6.32-220.2.1.el6"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "release_date" : "2012-02-23T00:00:00Z",
    "advisory" : "RHSA-2012:0333",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2:server:el6",
    "package" : "kernel-rt-0:3.0.18-rt34.53.el6rt"
  }, {
    "product_name" : "RHEV 3.X Hypervisor and Agents for RHEL-6",
    "release_date" : "2011-12-22T00:00:00Z",
    "advisory" : "RHSA-2011:1850",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6::hypervisor",
    "package" : "rhev-hypervisor6-0:6.2-20111215.0.el6_2"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 4",
    "fix_state" : "Affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:4"
  }, {
    "product_name" : "Red Hat Enterprise Linux Extended Update Support 6.2",
    "fix_state" : "Affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:rhel_eus:6.2"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2011-4127\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-4127" ],
  "name" : "CVE-2011-4127",
  "csaw" : false
}