{
  "threat_severity" : "Moderate",
  "public_date" : "2013-01-24T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: block: default SCSI command filter does not accommodate commands overlap across device classes",
    "id" : "875360",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=875360"
  },
  "cvss" : {
    "cvss_base_score" : "4.9",
    "cvss_scoring_vector" : "AV:A/AC:M/Au:S/C:P/I:P/A:P",
    "status" : "verified"
  },
  "details" : [ "block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes." ],
  "statement" : "This issue does affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 7. Due to the lack of upstream patches and the Moderate impact, we are not planning to address this issue in Red Hat Enterprise Linux 7.",
  "acknowledgement" : "This issue was discovered by Paolo Bonzini (Red Hat).",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2013-02-20T00:00:00Z",
    "advisory" : "RHSA-2013:0496",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "kernel-0:2.6.32-358.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6.2 EUS - Server and Compute Node Only",
    "release_date" : "2013-05-30T00:00:00Z",
    "advisory" : "RHSA-2013:0882",
    "cpe" : "cpe:/o:redhat:rhel_eus:6.2",
    "package" : "kernel-0:2.6.32-220.38.1.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6.3 EUS - Server and Compute Node Only",
    "release_date" : "2013-06-11T00:00:00Z",
    "advisory" : "RHSA-2013:0928",
    "cpe" : "cpe:/o:redhat:rhel_eus:6.3",
    "package" : "kernel-0:2.6.32-279.31.1.el6"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "release_date" : "2013-03-11T00:00:00Z",
    "advisory" : "RHSA-2013:0622",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2:server:el6",
    "package" : "kernel-rt-0:3.6.11-rt30.25.el6rt"
  }, {
    "product_name" : "RHEV 3.X Hypervisor and Agents for RHEL-6",
    "release_date" : "2013-02-28T00:00:00Z",
    "advisory" : "RHSA-2013:0579",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6::hypervisor",
    "package" : "rhev-hypervisor6-0:6.4-20130221.0.el6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Will not fix",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux Extended Update Support 5.9",
    "fix_state" : "Affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:rhel_eus:5.9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2012-4542\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-4542" ],
  "name" : "CVE-2012-4542",
  "csaw" : false
}