Host storage devices vulnerable with KVM Linux virtualisation
According to a kernel update advisory by Red Hat, root users in a guest system that is virtualised with KVM (Kernel-based Virtual Machine) can, in certain circumstances, gain read and write access to the Linux host's storage devices. The advisory says that the hole exists when a host makes available partitions or LVM volumes to the guest as "raw disks" via virtio. Privileged guest users can send SCSI requests to such volumes that the host will execute on the underlying storage device – which allows the guest system to access all areas of the device rather than just the permitted partitions or volumes.
The hole has been rated as "important" and is listed under CVE ID 2011-4127. Further background information is available in an entry in Red Hat's bug database and in a blog posting by a Red Hat developer. Meanwhile, the kernel developers are discussing the most suitable way to fix the problem; a patch that was suggested by another Red Hat developer hasn't met Linus Torvalds' approval. Torvalds also thinks that the patch is too dangerous to be integrated into the Linux main development branch at this point; the main development branch is expected to produce version 3.2 of the Linux kernel in early January.