CVE-2026-2492
PUBLISHED
Reported by redhat · Published February 28, 2013
block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| linux | linux_kernel | 4.8, 4.8, 4.8 |
| Linux | Linux | 0, 5.10.251, 5.15.201 |
| n/a | n/a | n/a |
Exploit Intelligence
- CIRCL seen: CVE-2012-4542 (circl-sighting)
- RHSA-2013:0579 (circl)
- RHSA-2013:0882 (circl)
- RHSA-2013:0928 (circl)
- [linux-kernel] 20130124 [PATCH 00/13] Corrections and customization of the SG_IO command whitelist (CVE-2012-4542) (circl)
- https://bugzilla.redhat.com/show_bug.cgi?id=875360 (circl)
- RHSA-2013:0496 (circl)
- https://oss.oracle.com/git/?p=redpatch.git%3Ba=commit%3Bh=76a274e17114abf1a77de6b651424648ce9e10c8 (circl)
- [linux-kernel] 20130124 [PATCH 04/13] sg_io: resolve conflicts between commands assigned to multiple classes (CVE-2012-4542) (circl)
- https://git.kernel.org/stable/c/d8af012f92eee021c6ebb7093e65813c926c336b (circl)
…and 80 more exploits
Timeline
- Feb 28, 2013 CVE Published
- Aug 6, 2024 CVE Updated
- Oct 17, 2025 PoC Published
- Oct 21, 2025 PoC Published
- Dec 18, 2025 PoC Published
- Dec 19, 2025 PoC Published
- Dec 26, 2025 PoC Published
- Dec 29, 2025 PoC Published
- Dec 30, 2025 PoC Published
- Dec 30, 2025 PoC Published
- Dec 30, 2025 PoC Published
- Jan 7, 2026 PoC Published
References
- RHSA-2013:0496 (vendor-advisory, x_refsource_REDHAT)
- RHSA-2013:0882 (vendor-advisory, x_refsource_REDHAT)
- RHSA-2013:0928 (vendor-advisory, x_refsource_REDHAT)
- [linux-kernel] 20130124 [PATCH 00/13] Corrections and customization of the SG_IO command whitelist (CVE-2012-4542) (mailing-list, x_refsource_MLIST)
- x_refsource_CONFIRM
- [linux-kernel] 20130124 [PATCH 04/13] sg_io: resolve conflicts between commands assigned to multiple classes (CVE-2012-4542) (mailing-list, x_refsource_MLIST)
- RHSA-2013:0579 (vendor-advisory, x_refsource_REDHAT)
- x_refsource_CONFIRM
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-71232 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23222 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-22998 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23212 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-71235 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-2492 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23220 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23228 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27571 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40082 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23216 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-71229 advisory
…and 9 more