CVE-2012-4542
PUBLISHED
block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes.
Risk Scores
EPSS Score: 0.08% (22.9th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:16.04:LTS | linux | 4.4.0-65.86, 4.4.0-66.87, 4.4.0-57.78 |
| Ubuntu:22.04:LTS | linux-oracle | 5.15.0-1077.83, 0, 5.13.0-1008.10 |
| Ubuntu:24.04:LTS | linux-ibm | 6.8.0-1006.6, 6.8.0-1003.3, 6.5.0-1009.9 |
| Ubuntu:Pro:20.04:LTS | linux-oracle | 5.4.0-1107.116, 5.4.0-1100.109, 5.4.0-1101.110 |
| Ubuntu:Pro:18.04:LTS | linux-kvm | 4.15.0-1079.81, 4.15.0-1092.94, 4.15.0-1090.92 |
| Ubuntu:Pro:14.04:LTS | linux | 3.13.0-86.130, 0, 3.12.0-1.3 |
| Ubuntu:22.04:LTS | linux-starfive-6.5 | 6.5.0-1018.19~22.04.1, *, * |
| Ubuntu:24.04:LTS | linux-hwe-6.11 | *, 0, 6.11.0-17.17~24.04.2 |
| Ubuntu:Pro:20.04:LTS | linux-azure | 5.4.0-1035.36, 5.4.0-1094.100, 5.4.0-1095.101 |
| Ubuntu:24.04:LTS | linux-azure-fde-6.14 | 6.14.0-1017.17~24.04.1, 0, 6.14.0-1012.12~24.04.1 |
| Ubuntu:18.04:LTS | linux-gke-5.4 | 5.4.0-1078.84~18.04.1, 5.4.0-1080.86~18.04.1, * |
| Ubuntu:20.04:LTS | linux-oracle-5.8 | 0, 5.8.0-1031.32~20.04.2, 5.8.0-1033.34~20.04.1 |
| Ubuntu:22.04:LTS | linux-azure-fde-6.8 | 6.8.0-1046.53~22.04.1, *, 6.8.0-1042.49~22.04.1 |
| Ubuntu:24.04:LTS | linux-lowlatency-hwe-6.11 | 6.11.0-1011.12~24.04.1, 6.11.0-1012.13~24.04.1, 0 |
| Ubuntu:Pro:18.04:LTS | linux-raspi-5.4 | 5.4.0-1133.146~18.04.1, *, * |
| Ubuntu:24.04:LTS | linux-hwe-6.14 | *, 0, * |
| Ubuntu:20.04:LTS | linux-hwe-5.13 | 5.13.0-23.23~20.04.2, 5.13.0-25.26~20.04.1, 5.13.0-27.29~20.04.1 |
| Ubuntu:Pro:16.04:LTS | linux-azure | 4.15.0-1110.122~16.04.1, 4.15.0-1111.123~16.04.1, 4.15.0-1113.126~16.04.1 |
| Ubuntu:22.04:LTS | linux-nvidia | 5.15.0-1068.69, 5.15.0-1059.60, 5.15.0-1055.56 |
| Ubuntu:18.04:LTS | linux-oem | 4.15.0-1103.114, 4.15.0-1102.113, 4.15.0-1100.110 |
…and 218 more
Timeline
- Feb 28, 2013 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2012-4542 third-party-advisory
- https://rhn.redhat.com/errata/RHSA-2013-0496.html third-party-advisory
- http://marc.info/?l=linux-kernel&m=135903967015813&w=2 third-party-advisory
- https://lkml.org/lkml/2013/1/24/279 third-party-advisory
- https://lkml.org/lkml/2013/5/23/292 third-party-advisory
- https://lkml.org/lkml/2014/8/27/170 third-party-advisory
- https://lore.kernel.org/all/1360163761-8541-1-git-send-email-pbonzini@redhat.com/ third-party-advisory
- https://lore.kernel.org/all/53FDAE65.3080208@redhat.com/ third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2012-4542 third-party-advisory