CVE-2011-4127

The Linux kernel before 3.2.2 does not properly restrict SG_IO ioctl calls, which allows local users to bypass intended restrictions on disk read and write operations by sending a SCSI command to (1) a partition block device or (2) an LVM volume.

Published: Jul 3, 2012
Updated: Nov 9, 2025
CVE: CVE-2011-4127
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
suse / linux_enterprise_server	10-sp4	10-sp4.x
linux / linux_kernel	3.0.25	3.0.25.x
linux / linux_kernel	3.1.2	3.1.2.x
linux / linux_kernel	3.0-rc2	3.0-rc2.x
linux / linux_kernel	3.0.22	3.0.22.x
linux / linux_kernel	3.0.5	3.0.5.x
linux / linux_kernel	3.0-rc7	3.0-rc7.x
linux / linux_kernel	3.1-rc1	3.1-rc1.x
linux / linux_kernel	3.1-rc4	3.1-rc4.x
linux / linux_kernel	3.0.18	3.0.18.x
linux / linux_kernel	3.0.6	3.0.6.x
linux / linux_kernel	3.0-rc4	3.0-rc4.x
linux / linux_kernel	3.0.11	3.0.11.x
linux / linux_kernel	3.0.34	3.0.34.x
linux / linux_kernel	3.0.32	3.0.32.x
linux / linux_kernel	3.0.19	3.0.19.x
linux / linux_kernel	-	3.2.1.x
linux / linux_kernel	3.0.4	3.0.4.x
linux / linux_kernel	3.0.27	3.0.27.x
linux / linux_kernel	3.0-rc6	3.0-rc6.x
linux / linux_kernel	3.0.23	3.0.23.x
linux / linux_kernel	3.0.8	3.0.8.x
linux / linux_kernel	3.1	3.1.x
linux / linux_kernel	3.0-rc3	3.0-rc3.x
linux / linux_kernel	3.0.33	3.0.33.x
linux / linux_kernel	3.0.28	3.0.28.x
linux / linux_kernel	3.0-rc1	3.0-rc1.x
linux / linux_kernel	3.0.13	3.0.13.x
linux / linux_kernel	3.0.10	3.0.10.x
linux / linux_kernel	3.0-rc5	3.0-rc5.x
linux / linux_kernel	3.1-rc2	3.1-rc2.x
linux / linux_kernel	3.0.1	3.0.1.x
linux / linux_kernel	3.1.6	3.1.6.x
linux / linux_kernel	3.0.17	3.0.17.x
linux / linux_kernel	3.1.3	3.1.3.x
linux / linux_kernel	3.1.9	3.1.9.x
linux / linux_kernel	3.0.16	3.0.16.x
linux / linux_kernel	3.0.21	3.0.21.x
linux / linux_kernel	3.0.7	3.0.7.x
linux / linux_kernel	3.1.5	3.1.5.x
linux / linux_kernel	3.1.8	3.1.8.x
linux / linux_kernel	3.0.20	3.0.20.x
linux / linux_kernel	3.0.24	3.0.24.x
linux / linux_kernel	3.0.15	3.0.15.x
linux / linux_kernel	3.0.2	3.0.2.x
linux / linux_kernel	3.1.7	3.1.7.x
linux / linux_kernel	3.1.1	3.1.1.x
linux / linux_kernel	3.0.12	3.0.12.x
linux / linux_kernel	3.1.10	3.1.10.x
linux / linux_kernel	3.2	3.2.x
linux / linux_kernel	3.0.3	3.0.3.x
linux / linux_kernel	3.0.9	3.0.9.x
linux / linux_kernel	3.0.26	3.0.26.x
linux / linux_kernel	3.1.4	3.1.4.x
linux / linux_kernel	3.0.30	3.0.30.x
linux / linux_kernel	3.0.31	3.0.31.x
linux / linux_kernel	3.0.29	3.0.29.x
linux / linux_kernel	3.0.14	3.0.14.x
linux / linux_kernel	3.1-rc3	3.1-rc3.x

Vulnerability Database

313,825

CVE-2011-4127

Deep Security Visibility Without the Complexity