CVE-2026-2492 — Vulnetix

Try Vulnetix Request Demo

CVE-2026-2492 PUBLISHED

Reported by redhat · Published February 28, 2013

block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes.

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
linux	linux_kernel	4.8, 4.8, 4.8
Linux	Linux	4.8, 0, 5.10.251
n/a	n/a	n/a

Timeline

Feb 28, 2013 CVE Published
Aug 6, 2024 CVE Updated
Oct 17, 2025 PoC Published
Oct 21, 2025 PoC Published
Dec 18, 2025 PoC Published
Dec 19, 2025 PoC Published
Dec 26, 2025 PoC Published
Dec 29, 2025 PoC Published
Dec 30, 2025 PoC Published
Dec 30, 2025 PoC Published
Dec 30, 2025 PoC Published
Jan 7, 2026 PoC Published

References

RHSA-2013:0496 vendor-advisoryx_refsource_REDHAT
RHSA-2013:0882 vendor-advisoryx_refsource_REDHAT
RHSA-2013:0928 vendor-advisoryx_refsource_REDHAT
[linux-kernel] 20130124 [PATCH 00/13] Corrections and customization of the SG_IO command whitelist (CVE-2012-4542) mailing-listx_refsource_MLIST
x_refsource_CONFIRM
[linux-kernel] 20130124 [PATCH 04/13] sg_io: resolve conflicts between commands assigned to multiple classes (CVE-2012-4542) mailing-listx_refsource_MLIST
RHSA-2013:0579 vendor-advisoryx_refsource_REDHAT
x_refsource_CONFIRM
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-71232 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23222 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-22998 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23212 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-71235 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-2492 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23220 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23228 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27571 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40082 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23216 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-71229 advisory

…and 9 more

Open in Interactive Console →