Linux Kernel SCSI IOCTL Integer Overflow Vulnerability
The Linux Kernel is reported prone to a local integer overflow vulnerability. The issue occurs in the 'sg_scsi_ioctl' function of the 'scsi_ioctl.c' kernel driver.
The vulnerability exists due to a lack of sufficient sanitization performed on user-controlled integer values before these values are employed as the size argument of a user-land to kernel memory copy operation.
This vulnerability may be leveraged to corrupt kernel memory and ultimately execute arbitrary code with ring-0 privileges. Alternatively, the issue may be exploited to trigger a kernel panic or to disclose contents of kernel memory.
It is reported that a user must have access to the respective SCSI devices in order to exploit this issue. This may hinder exploitability.