CVE-2013-6383
Published: 26 November 2013
The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call.
From the Ubuntu security team
A flaw was discovered in the Linux kernel's compat ioctls for Adaptec AACRAID scsi raid devices. An unprivileged local user could send administrative commands to these devices potentially compromising the data stored on the device.
Priority
Medium
Status
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6383
- http://git.kernel.org/linus/f856567b930dfcdbc3323261bf77240ccdde01f5
- https://github.com/torvalds/linux/commit/f856567b930dfcdbc3323261bf77240ccdde01f5
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f856567b930dfcdbc3323261bf77240ccdde01f5
- https://bugzilla.redhat.com/show_bug.cgi?id=1033530
- http://www.openwall.com/lists/oss-security/2013/11/22/5
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.11.8
- https://ubuntu.com/security/notices/USN-2066-1
- https://ubuntu.com/security/notices/USN-2067-1
- https://ubuntu.com/security/notices/USN-2068-1
- https://ubuntu.com/security/notices/USN-2069-1
- https://ubuntu.com/security/notices/USN-2070-1
- https://ubuntu.com/security/notices/USN-2071-1
- https://ubuntu.com/security/notices/USN-2072-1
- https://ubuntu.com/security/notices/USN-2073-1
- https://ubuntu.com/security/notices/USN-2074-1
- https://ubuntu.com/security/notices/USN-2075-1
- https://ubuntu.com/security/notices/USN-2076-1
- https://ubuntu.com/security/notices/USN-2107-1
- https://ubuntu.com/security/notices/USN-2108-1
- NVD
- Launchpad
- Debian