Linux Kernel SDLA IOCTL Unauthorized Local Firmware Access Vulnerability

info
discussion
exploit
solution
references

Linux Kernel SDLA IOCTL Unauthorized Local Firmware Access Vulnerability

The Linux kernel is susceptible to a local access-validation vulnerability in the SDLA driver.

This issue allows local users with the 'CAP_NET_ADMIN' capability, but without the 'CAP_SYS_RAWIO' capability, to read and write to the SDLA device firmware. This may cause a denial-of-service issue if attackers write an invalid firmware. Other attacks may also be possibly by writing modified firmware files.