Candidate: CVE-2007-4308 References: http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.23-rc2 http://lkml.org/lkml/2007/7/23/195 linux-2.6 commit 719be62903a6e6419789557cb3ed0e840d3e4ca9 Description: The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI layer ioctl path in aacraid in the Linux kernel before 2.6.23-rc2 do not check permissions for ioctls, which might allow local users to cause a denial of service or gain privileges. Ubuntu-Description: It was discovered that the aacraid SCSI driver did not correctly check permissions on certain ioctls. A local attacker could cause a denial of service or gain privileges. Notes: jmm> 2.4.27 code is quite different, but appears vulnerable as well Bugs: 443694 upstream: released (2.6.23-rc2) linux-2.6: released (2.6.22-4) 2.6.18-etch-security: released (2.6.18.dfsg.1-13etch2) [bugfix/aacraid-ioctl-perm-check.patch] 2.6.8-sarge-security: released (2.6.8-17sarge1) [aacraid-ioctl-perm-check.dpatch] 2.4.27-sarge-security: released (2.4.27-10sarge6) [262_aacraid-ioctl-perm-check.diff] 2.6.15-dapper-security: released (2.6.15-29.58) 2.6.17-edgy-security: released (2.6.17.1-12.40) 2.6.20-feisty-security: released (2.6.20-16.31)